According to VeriSign and Thawte, we can't put a copy of a certificate on a second server without paying extra for the privilege. I know that it doesn't matter technically, but the licensing prevents us from doing it. Am I incorrect in this? --Dan
On Fri, 11 Jul 2003 12:23:24 -0600, "Soren Harward" <[EMAIL PROTECTED]> said:
> On Fri 11 Jul 2003 at 10:09:00, Dan Reese said:
> > Multiple domain names that are load balanced across 3 machines. Sounds
> > like we're stuck with a tunnel machine or purchasing 3 copies for each
> > domain.
>
> No, you really just need one cert for each domain. Use the same
> per-domain private key on each machine, use round-robin DNS to serve the
> same domain names from each machine, and nobody will be the wiser.
>
> Do this:
>
> SERVER1: example1.com : 192.168.1.1
>          example2.com : 192.168.1.2
>          example3.com : 192.168.1.3
>
> SERVER2: example1.com : 192.168.2.1
>          example2.com : 192.168.2.2
>          example3.com : 192.168.2.3
>
> SERVER3: example1.com : 192.168.3.1
>          example2.com : 192.168.3.2
>          example3.com : 192.168.3.3
>
> Set up your DNS like so:
>
> example1.com A 192.168.1.1
>              A 192.168.2.1
>              A 192.168.3.1
>
> example2.com A 192.168.1.2
>              A 192.168.2.2
>              A 192.168.3.2
>
> example3.com A 192.168.1.3
>              A 192.168.2.3
>              A 192.168.3.3
>
> Generate a private key for the example1.com domain called "example1.key"
> and from this make a certificate signing request "example1.req". Do the
> same for example2.com and example3.com. Send the reqs to Verisign or
> whatever cert service you want. When the certs come back, copy each of
> them, with their associated keys, to *each* of the webservers. The cert
> checking doesn't care about IPs, just hostnames. As long as each
> server responds to "exampleN.com" and has a correctly matched key/cert
> pair, you can use the same cert on as many machines as you want.
>
> --
> Soren Harward
> [EMAIL PROTECTED]
>
> ____________________
> BYU Unix Users Group
> http://uug.byu.edu/
> ___________________________________________________________________
> List Info: http://uug.byu.edu/cgi-bin/mailman/listinfo/uug-list
