The server certificate contains the DNS name of the server host. If your spares are meant to run with the same DNS name as the primary server, then you can simply use the same certificate. This applies whether they are cold spares that use the same IP address, or whether your servers' DNS name is a "rator" DNS that names multiple servers' IP addresses.
(The converse is also true: if you have multiple DNS names pointing to the same server, you need separate certificates for them.) If your spares run at different DNS host names, you need separate certificates. But then they're not really (ready-to-run) spares, are they? If you do find yourself in a situation where you need certificates for many different servers each with their own DNS name, you may want to get a signing certificate (from Verisign or someone else) and use it to sign your own set of server certs. Cheers -- perry On Fri, Oct 25, 2002 at 06:54:52AM -0700, Paul Ogden wrote: > Hello, > > We are getting ready to host an app that requires a complement of offsite > cold spare backup servers. We are going to be testing the configuration of > the servers and our procedures for switching to cold spare in the event of a > catastrophic failure of the primary servers. > > My question is - what do I do about the certificate/key for the web server? > Can I merely move the server cert and private key files from the production > web server to the spare web server ( which has been built and configured > identically to the production box )? Or will this scenario require a second > certificate from the CA? > > We have signed our own certs in the past for internal intranet use for > smaller hosted apps with just a few client connecting, but this is for a > rather large customer and there will be many clients connecting to the app > so we must go with Verisign or such. > > Thanks, > > Paul Ogden > Claresco Corporation > (510) 549-2290 > > ______________________________________________________________________ > OpenSSL Project http://www.openssl.org > User Support Mailing List [EMAIL PROTECTED] > Automated List Manager [EMAIL PROTECTED] --------------------------------------------------------------------------- Perry The Cynic [EMAIL PROTECTED] To a blind optimist, an optimistic realist must seem like an Accursed Cynic. --------------------------------------------------------------------------- ______________________________________________________________________ OpenSSL Project http://www.openssl.org User Support Mailing List [EMAIL PROTECTED] Automated List Manager [EMAIL PROTECTED]
