
Re: SSL cert per virtual host.



On Tue, 19 Mar 2002 20:31:45 -0700, Ben Goren wrote:

>On Tue, Mar 19, 2002 at 09:18:10PM -0600, Rick Francis wrote:
>
>> can two servers have the same cert, if not bound to an
>> interface, but to a fqdn...where both servers are behind a load
>> balancer (e.g., arrowpoint)?
>>
>> rf
>
>As Shawn Wilton said lo these several hours ago, no.
>
>http://www.monkey.org/openbsd/archive/misc/0203/msg01304.html
>

It can be done but it is more complex than most people would consider
worthwhile.
There is more than just the certificate to consider. Suppose that a
client browser negotiated a session key with one machine behind a load
balancer and the next request from that client was handled by another
server with no knowledge of the session key.

This sort of thing is done by IBM commerce sites where the software is
designed to handle the situation. Session tracking and shared keys are
all possibilities if you have total control.

It would be way OT to continue detailing methods here. Suffice to say
that if you have to ask then you aren't ready to go further. You need
to understand https a lot more.


In the beginning was The Word
and The Word was Content-type: text/plain
The Word of Rod.