There has been lots of good advice so far, but I wanted to add a few clarifications.

While it is correct that servers responding to the same hostname don't require multiple SSL certifications, you must also have them respond on the same IP address. SSL is transport layer and is negotiated between web server and browser before the http exchange takes place. Thus, you can't use something like rr dns to load balance https. The Cisco directors should be golden. Oh, and you can't run multiple SSL hostnames on the same IP address. Or maybe you can with an SSL accelerator?

The second thing is that SSL certs don't so much support OS's as they do browsers. Just make sure you get a cert whose root CA cert is shipped with a wide range of browsers. SSL chain verification back to a trusted root CA cert is what makes https transparent on the client's browser. Some companies issue SSL certs that aren't supported in some browser versions. Furthermore, the good cert companies can issue you a limited-time demo SSL cert to test.

Another small note is that some SSL certs require intermediate CA certs. Apache works fine with these.

Hope this helps,
-jrr

--
TriLUG mailing list : http://www.trilug.org/mailman/listinfo/trilug
TriLUG Organizational FAQ : http://trilug.org/faq/
TriLUG Member Services FAQ : http://members.trilug.org/services_faq/
TriLUG PGP Keyring : http://trilug.org/~chrish/trilug.asc
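
The chain verification and intermediate CA certs mentioned in the message above, as an added example that is not part of the original post: it builds a throwaway root, intermediate and server cert with the openssl command line tool and shows that a client trusting only the root rejects the server cert unless the intermediate is supplied too. All names and file paths are made up for the demo, and it assumes openssl is installed.

```sh
#!/bin/sh
# Constructed three-level PKI: root CA -> intermediate CA -> server (leaf) cert.
# Every name here (Example root, www.example.test) is made up for the demo.

build_chain() {   # $1 = scratch directory
  printf '[req]\ndistinguished_name=dn\nprompt=no\n[dn]\nCN=unused\n' > "$1/req.cnf"
  printf 'basicConstraints=critical,CA:TRUE\nkeyUsage=critical,keyCertSign\n' > "$1/ca.ext"
  printf 'basicConstraints=CA:FALSE\nsubjectAltName=DNS:www.example.test\n' > "$1/leaf.ext"
  for name in root inter leaf; do
    openssl req -new -newkey rsa:2048 -nodes -config "$1/req.cnf" \
      -subj "/CN=Example $name" -keyout "$1/$name.key" -out "$1/$name.csr" \
      2>/dev/null || return 1
  done
  # Root signs itself, root signs the intermediate, intermediate signs the leaf.
  openssl x509 -req -in "$1/root.csr" -signkey "$1/root.key" \
    -extfile "$1/ca.ext" -days 30 -out "$1/root.pem" 2>/dev/null &&
  openssl x509 -req -in "$1/inter.csr" -CA "$1/root.pem" -CAkey "$1/root.key" \
    -set_serial 2 -extfile "$1/ca.ext" -days 30 -out "$1/inter.pem" 2>/dev/null &&
  openssl x509 -req -in "$1/leaf.csr" -CA "$1/inter.pem" -CAkey "$1/inter.key" \
    -set_serial 3 -extfile "$1/leaf.ext" -days 30 -out "$1/leaf.pem" 2>/dev/null
}

# Browser's view: only the root is trusted. $2 is the optional file of
# intermediates the server sends along with its own certificate.
verify_leaf() {   # $1 = scratch directory, $2 = intermediates file (optional)
  if [ -n "${2:-}" ]; then
    openssl verify -CAfile "$1/root.pem" -untrusted "$2" "$1/leaf.pem" >/dev/null 2>&1
  else
    openssl verify -CAfile "$1/root.pem" "$1/leaf.pem" >/dev/null 2>&1
  fi
}

demo=$(mktemp -d)
build_chain "$demo" || { echo "could not build demo chain (is openssl installed?)" >&2; exit 1; }
if verify_leaf "$demo"; then echo "leaf only: verifies"
else echo "leaf only: fails, issuer certificate not available"; fi
if verify_leaf "$demo" "$demo/inter.pem"; then echo "leaf + intermediate: verifies"
else echo "leaf + intermediate: fails"; fi
rm -rf "$demo"
```

On the server side, the file passed as the second argument corresponds to what Apache's SSLCertificateChainFile directive (or, from 2.4.8, extra certificates appended to SSLCertificateFile) makes the server send.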
