Re: certs and load balancing?

Tue, 22 Jun 1999 00:37:25 -0700 

Just request a certificate for www.domain.com and put the
same keys and cert onto each of your xxx.10? machines.

The servers don't care about the CN (server name) in the 
cert. And the browser always asks for a page from 
www.domain.com and expects that server name in the cert.

It's really simple!

Dave Paris schrieb:
> 
> Greets,
> 
> I've been sifting through FAQs and archives, but I'm left with a
> lingering question.
> 
> Given the following configuration:
> 
>                         +-----------+
>                         |   router  |
>                         +-----------+
>                               |
>                               |
>              +----------------------------------+
>              |  Load Balancer 'www.domain.com'  |
>              +----------------------------------+
>                    /          |          \
>                   /           |           \
>                  /            |            \
>                 /             |             \
>          +-----------+  +-----------+  +-----------+
>          |  xxx.100  |  |  xxx.101  |  |  xxx.102  |
>          +-----------+  +-----------+  +-----------+
> 
> In the example, the Load Balancer is something akin to a Cisco
> LocalDirector or a Nortel Accelar 750.  Where the host of 'www' is
> actually the load balancer which forwards requests between
> xxx.xxx.xxx.100, .101, and .102.
> 
> The question posed is how does one handle certificates on each of .100,
> .101, and .102 such that  https://www.domain.com  can be handled by any
> of the three machines?
> 
> Obviously, the machines can't all be named the same and still resolve
> (ie, naming each of them 'www' with a different IP would result in DNS
> round-robining .. which isn't desirable)
> 
> Can anyone shed a little light on this one while I still have my hair
> left? (explanations, URLs, FAQ pointing all welcomed with open
> sockets..)
> 
> mille grazie in advance..
> -dsp
> ______________________________________________________________________
> Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
> User Support Mailing List                      [EMAIL PROTECTED]
> Automated List Manager                            [EMAIL PROTECTED]

-- 
Holger Reif                  Tel.: +49 361 74707-0
SmartRing GmbH               Fax.: +49 361 7470720
Europaplatz 5             [EMAIL PROTECTED]
D-99091 Erfurt                    WWW.SmartRing.de
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      [EMAIL PROTECTED]
Automated List Manager                            [EMAIL PROTECTED]

Reply via email to