[TriLUG] SSL Certs

[Ryan Leathers]

Steve,

I have a farm of Jboss servers in my back 40 as well.
Rather than Local Director I chose to use LVS, but this is about the same.
I am using a single cert for the entire farm.
Just keep the same host name on all the servers and avoid the wildcard $$$.

Your other option is to cluster Jboss, in which case you don't need any
front end load balancing.
This should also offer superior performance.  I don't do this myself since I
am forced to turn my app servers into private instances on a dime - again
LVS flexibility makes this easy.

Best o luck!

-----Original Message-----
From: Steve Hoffman [mailto:srhoffman at gmail.com]
Sent: Friday, October 22, 2004 2:29 PM
To: Triangle Linux Users Group discussion list
Subject: [TriLUG] SSL Certs


Ok, I don't claim to be any security expert, and it will probably show
in this message, please keep the teasing to a minimum <but feel free
to tease!>

I've never done a truly official SSL site, I've always generated a
self signed cert for personal use.  Well I now need to BUY a cert for
our web-app, sounds easy right?  Gets better.

First of all, the app servers are currently windows (I know..), but
they'll be replaced in a month or two with two brand spaking new Dell
poweredge 1750, RHEL3 boxes running jboss, and being load balanced by
a Cisco Local Director.

I already figured we'd need a wildcard cert because of the load
balancing and two machines serving the same webaddress, (is this a
correct assumption?), but if I buy the certs now won't I just have to
re-purchase new ones for the Linux boxes?  I guess what I'm asking is
are the certificates OS independant, one version for win and another
for lin?

As always, any help greatly appreciated!
Steve
-- 
TriLUG mailing list        : http://www.trilug.org/mailman/listinfo/trilug
TriLUG Organizational FAQ  : http://trilug.org/faq/
TriLUG Member Services FAQ : http://members.trilug.org/services_faq/
TriLUG PGP Keyring         : http://trilug.org/~chrish/trilug.asc