Load balanced HTTPS servers ... single or multiple server certificates?

Discussion in 'Linux Networking' started by noone, Jan 20, 2005.

  1. noone

    noone Guest

    I have multiple servers running httpd, and they have a common inbound
    NAT'd address, but of course different internal / private IP addresses.

    If I were to serve web documents via https, can I just generate a snigle
    certificate request and apply the single certificate that I would
    receive ( say from Verisign ) to multiple hosts ?

    Or assuming I made individual certificate requests from each host, and
    received 2 certificates ... and then one of the hosts were replaced by a
    new machine ... can I "copy" the server certificate from the the machine
    that went down to the new replacement ?
     
    noone, Jan 20, 2005
    #1
    1. Advertisements

  2. noone

    dave windsor Guest

    SSL certs are issued to fully qualified domain names, say
    www.mysite.com. The cert would not be valid for any other FQDN, even
    subdimains of www.mysite.com. There exist "wildcard" certs that allow
    you to use a cert within subdomains of particular domain, i.e.
    *.mysite.com. For your situation, however, only 1 cert will be needed,
    since your webservers are referenced by the same FQDN (the domain name
    of your gateway, or whatever the domain name of your site happens to
    be).
    Yes, you can transfer the cert to another box, assuming the new box has
    the same FQDN as the old one.

    -dave
     
    dave windsor, Jan 20, 2005
    #2
    1. Advertisements

  3. noone

    /dev/null Guest

    SSL certs are issued to fully qualified domain names, say
    What "big name" (who's ca cert ships with most browsers) cert providers can
    you recommend that sell wildcard certs?

    Thanks!
     
    /dev/null, Jan 21, 2005
    #3
  4. noone

    noone Guest

    Ah! ... yet Verisign told me that I need to buy 2 certificates ... and
    so we did and for a time now have 2 certificates with the same public
    FQDN. Each was generated by different certificat requests, generated
    from each host. I'll give it a try.
     
    noone, Jan 27, 2005
    #4
    1. Advertisements

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments (here). After that, you can post your question and our members will help you out.