[TriLUG] Tricky routing issue

Chris Bullock cgbullock at yahoo.com
Mon Oct 29 21:04:02 EDT 2007


I agree with Robert; your certs are based on browser URL and the cert.  IP
address has nothing to do with your cert.  You can also get wildcard certs
where your cert is issued to *.yourdomain.com and it will cover all your
servers in your domain.
Chris
--- Robert Dale <robdale at gmail.com> wrote:

> On 10/29/07, Joshua Gitlin <josh at digitalfruition.com> wrote:
> > Hello everyone,
> >
> > Looking for advice here. I have a complicated scenario and I'm not
> > sure how to set it up.
> >
> > Problem in a nutshell: I need to share an IP address between two or
> > more servers, because I need to use the same SSL certificate for two
> > different services on two different servers.
> >
> > I'm running a website and Jabber. Both need to have the same
> > certificate, and one server serves Jabber while another server runs
> > the websites. The way I decided to solve this issue was to create a
> > private 192.168 network between the two servers (web and jabber) and
> > place a PFSense router on that network. That way if I assign the IP
> > with the cert attached to it to the PFSense router I can use port
> > forwarding to send Jabber to one server and web to the other.
> >
> > The issue is that the web server has multiple public IP addresses,
> > and if it's on both the private net and the public internet, this
> > setup doesn't work.
> >
> > Any ideas?
> 
> Well, you have the router there.  Just point all your public IPs at it
> and NAT to your webservers on private IPs.
> 
> Are your certs really based on IP address?  Consider getting certs
> based on hostnames as they are much more portable and versatile.
> 
> -- 
> Robert Dale


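Added example, not part of the original thread: a minimal matcher for the DNS names in a certificate, showing that the decision depends only on the hostname the client asked for and never on the server's IP. It goes slightly beyond the thread by applying the usual RFC 6125 rule that a wildcard stands for exactly one left-most label. The hostnames, the 192.168 addresses and the function names are constructed for illustration.

```python
# Hostname matching for certificate DNS names (RFC 6125 style).
# All names and addresses here are constructed sample values.

def _labels(name):
    """Split a DNS name into lower-case labels, ignoring a trailing dot."""
    return name.rstrip(".").lower().split(".")

def dns_name_matches(pattern, hostname):
    """True if a certificate DNS name matches the requested hostname.
    A wildcard is accepted only as the entire left-most label."""
    p, h = _labels(pattern), _labels(hostname)
    if len(p) != len(h) or "" in p or "" in h:
        return False              # wildcard never spans more than one label
    if any("*" in label for label in p[1:]):
        return False              # wildcard outside the left-most label
    if p[0] == "*":
        # Conservative choice: require two fixed labels, so "*.com" is refused.
        return len(p) >= 3 and p[1:] == h[1:]
    return "*" not in p[0] and p == h

def cert_covers(cert_dns_names, requested_host, server_ip=None):
    """server_ip is accepted only to show it plays no part in the result."""
    return any(dns_name_matches(n, requested_host) for n in cert_dns_names)

WILDCARD_CERT = ["*.yourdomain.com"]   # the name form mentioned in the thread

def coverage(cert_names, hosts):
    """Map each requested hostname to whether the certificate covers it."""
    return {host: cert_covers(cert_names, host) for host in hosts}

if __name__ == "__main__":
    hosts = ["www.yourdomain.com", "jabber.yourdomain.com",
             "yourdomain.com", "a.b.yourdomain.com"]
    for host, ok in coverage(WILDCARD_CERT, hosts).items():
        print(f"{host:25} {'covered' if ok else 'NOT covered'}")
    # Same certificate, two different back-end addresses: same answer.
    print(cert_covers(WILDCARD_CERT, "www.yourdomain.com", "192.168.0.10"),
          cert_covers(WILDCARD_CERT, "www.yourdomain.com", "192.168.0.20"))
```

The bare domain and names two levels down are not covered by the wildcard, so a certificate meant for those needs them listed as additional names.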


