When we first deployed CoSign, quite a few years ago, we used a really simple
architecture: two servers with a DNS round-robin between them. We knew that
we'd want to do some sort of load balancing eventually, but we assumed that this
would be straightforward to implement when we got around to it.

Well, quite a few years have passed, we have quite a few webapps using CoSign
and now I'm trying to get around to it, but I think I'm stuck.

We have two servers, "weblogin1" and "weblogin2", and "weblogin" is a DNS
round-robin across them both. All our webapps have weblogin listed as the
CosignHostname *and* the host in the CosignRedirect URL, and the certificate on
the cosign servers has a subject CN of weblogin.

I have two new servers ("cosign1" and "cosign2") which I'd like to bring into
service, and this seems like a great time to have one name (e.g. "weblogin")
for "front end" use (i.e. CosignRedirect points to it) via VRRP or a load
balancer, and a different name (e.g. "cosign") for back end use without any HA
nonsense, since mod_cosign talks to all the cosignd instances for itself.

What I really want to do is change the "back end" name (i.e. the one configured
as CosignHostname in mod_cosign's config) from "weblogin" to "cosign", but each
cosignd can only have one certificate, so it can only have one "name", and
mod_cosign (quite rightly) fails to talk to a cosignd if the CN in the
certificate doesn't match the hostname that it has configured for it, so I
can't do an incremental migration from "old" cosignd servers to "new" cosignd
servers.

There are enough webapps, under diverse enough administration, that I think
it's impractical to get all webapp admins to do a simultaneous configuration
change (e.g. to change the CosignHostname).

Is there an obvious migration path that I'm ignorant of, or have I really
painted myself into a corner on this one? Is there some magic that I can do
with replication or multihoming that would work? It'd be great if someone
had worked through this kind of problem already...

Steve.
_______________________________________________
Cosign-discuss mailing list
Cosign-discuss@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/cosign-discuss