[TriLUG] SSL certificates
Jay Barrett
j.barrett at attglobal.net
Thu Sep 4 08:51:28 EDT 2003
Jon,
Jon,
I for two would love to see anything you have written on SSL as well.
Regards,
Jay
Jay at skyboxx.com
On Wed, 2003-09-03 at 14:47, Jon Carnes wrote:
> I've just setup a client for using his own CA and wrote out the specs in
> a how-to like fashion. If you want, I'll be happy to share them (with
> the client specifics removed).
>
> If you are doing DNS round-robin then that is going to be the best way
> of doing SSL - unless you simply use a separate host name for the SSL
> and only have it done on one server.
>
> When I set this up for a former employer, I used the LVS to front-end
> for several back-end servers, including servers running SSL. The
> front-end was all one IP Address so we only needed one cert, and then we
> put that cert on each of the back-end boxes. That was years ago and
> it's still up and running without any problems.
>
> The nice thing about using the LVS was that you could maintain state
> (the end-user would end up at the same back-end server as long as they
> made a request before a specific time-out period), but if the server
> went down, they were transparently shuttled to a new server.
>
> I don't think you get that with a DNS-round-robin; but it is a simpler
> setup.
>
> Jon
More information about the TriLUG
mailing list