On Thu, Mar 27, 2003, Shachar Shemesh wrote about "Re: SLL gateway":
> Nadav Har'El wrote:
> 
> >the site's
> >certificate is installed inside the SSL accelerator
> > 
> >
> But that's precisely the problem. The setup you describe is only 
> applicable when a single SSL proxy handles a single web server. If one 
> proxy handles several servers, it needs a different certificate for the 
> different servers.

Right. And why is that a problem? An SSL accelerator or a cluster of such
devices could potentially do SSL encryption for hundreds of different
sites, provided that this number of keys and certificates are put on the
device. Obviously, you'll also need an IP address per SSL site you plan
to serve (this is a basic SSL limitation - you can't normally do "virtual
hosts" with SSL).

If you want to read more about what people expect from a full-featured SSL-
accelerator, check http://www.radware.com/content/products/ct100/default.asp 

> between the various servers. If everyone is given the same IP, as is 
> Gili's case, that cannot be done. If that is not done, it is not 
> possible to distinguish between the various servers, and SSL server 
> authentication is not possible.

Why is everyone given the same IP? Nothing prevents him from giving 100
different IP addresses to one computer...

-- 
Nadav Har'El                        |   Thursday, Mar 27 2003, 23 Adar II 5763
[EMAIL PROTECTED]             |-----------------------------------------
Phone: +972-53-245868, ICQ 13349191 |A Nobel Peace Prize? I would KILL for one
http://nadav.harel.org.il           |of those.
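
The point discussed in the message above (one IP address per SSL site, with many certificates on one device), as an added example that is not part of the original post: it parses a ClientHello to show that it carries no site name, then selects the certificate by the local address the client connected to. The site names, the 192.0.2.x addresses, the certificate file names and the hello bytes (TLS 1.0, no extensions) are all constructed for illustration.

```python
import struct

# Constructed sample data: site names, documentation-range IPs, hypothetical cert files.
SITES = [("shop.example", "192.0.2.10", "shop.pem"),
         ("bank.example", "192.0.2.11", "bank.pem")]

def build_client_hello():
    """Constructed sample: a TLS 1.0 ClientHello record with no extensions."""
    body = b"\x03\x01" + bytes(32)               # client_version 3.1, 32-byte random
    body += b"\x00"                              # empty session_id
    body += struct.pack("!H", 2) + b"\x00\x0a"   # one suite: RSA with 3DES-EDE-CBC-SHA
    body += b"\x01\x00"                          # one compression method: null
    handshake = b"\x01" + len(body).to_bytes(3, "big") + body
    return b"\x16\x03\x01" + struct.pack("!H", len(handshake)) + handshake

def parse_client_hello(record):
    """Return the fields the hello carries; none of them names the requested site."""
    if len(record) < 9 or record[0] != 0x16 or record[5] != 0x01:
        raise ValueError("not a ClientHello handshake record")
    end = 5 + struct.unpack_from("!H", record, 3)[0]
    if end > len(record):
        raise ValueError("truncated record")
    pos = 9                                      # record header (5) + handshake header (4)
    fields = {"client_version": tuple(record[pos:pos + 2])}
    pos += 2 + 32                                # skip version and random
    for name, width in (("session_id", 1), ("cipher_suites", 2), ("compression_methods", 1)):
        length = int.from_bytes(record[pos:pos + width], "big")
        if pos + width + length > end:
            raise ValueError("truncated " + name)
        fields[name] = record[pos + width:pos + width + length]
        pos += width + length
    fields["trailing_bytes"] = end - pos         # 0 here: nothing follows compression
    return fields

def build_cert_table(sites):
    """Map local IP -> (site, cert file); refuse two SSL sites on one address."""
    table = {}
    for site, ip, cert in sites:
        if ip in table:
            raise ValueError(f"{site} and {table[ip][0]} share {ip}")
        table[ip] = (site, cert)
    return table

def pick_certificate(table, local_ip, record):
    """Choose by the address the client connected to: the HTTP Host header
    only arrives after the handshake, inside the encrypted stream."""
    parse_client_hello(record)                   # rejects anything that is not a hello
    return table[local_ip][1]
```
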
