SSL Servers with High Availability

SSL Servers with High Availability

Post by Paul Rub » Thu, 18 Feb 1999 04:00:00




>I would like to ask how to set up 2 web servers using SSL in a High
>Availability configuration.

>I mean that both servers would have the same name (i.e. www.HAserver.com) and
>both server would need to have a certificate where the subjects name, DN, UID,
>OU and so on would need to be exactly the same.

>Do you use the same or different certificates on each one of them??????? I
>hope someone has already encountered this same "problem" and can give me some
>advise.

If you can install the same private key on both servers, you can use
the same certificate on both.  The certificate is just an
authenticated statement from the certification authority that the
domain name really belongs to you.

If for technical or administrative reasons you have to have different
private keys for the two servers, you need separate certificates.

 
 
 

SSL Servers with High Availability

Post by Marc Slemk » Fri, 19 Feb 1999 04:00:00




>>I would like to ask how to set up 2 web servers using SSL in a High
>>Availability configuration.

>>I mean that both servers would have the same name (i.e. www.HAserver.com) and
>>both server would need to have a certificate where the subjects name, DN, UID,
>>OU and so on would need to be exactly the same.

>>Do you use the same or different certificates on each one of them??????? I
>>hope someone has already encountered this same "problem" and can give me some
>>advise.
>If you can install the same private key on both servers, you can use
>the same certificate on both.  The certificate is just an
>authenticated statement from the certification authority that the
>domain name really belongs to you.

Right, and while you would normally use the same certificate, you
need to be careful about how you implement the HA.

If it is failover, no problem.

If it is load balancing, then you need to have some way to ensure
that once a browser establishes a SSL "session" with the server, that
all subsequent requests go to the same server.  It will work fine if you
don't do this, but will be more resource intensive and have a fairly
significatn slowdown to the user since it will have to establish
the session over and over for every single hit.

A SSL session is normally maintained over multiple SSL reqeuests to a
server to avoid the expense of establishing the session every hit.

Some load balancers (like big/ip from f5; if it works or not is
another question...) have explicit support for SSL sessions so they
can direct future requests to the server that handled the original
request.  Some load balancers use lower-tech (and possibly problematic)
solutions of just using the source IP address to direct them to
the same machine.

 
 
 

1. Load balancing, high availability web server software

Do you have multiple servers in-house and a need for fault tolerant,
high-availability, failsafe or backup capabilities? If so, our server
application, Understudy? can save you considerable time and money on
hardware purchases and maintenance.  http://www.polyserve.com

Understudy has broad OS support, including Windows NT, Sun Solaris, Linux
and Free BSD. No specialized hardware is required and it will work with
any webserver

Understudy is available at a breakthrough price point starting as low as
$499. per server pair! We are offering a 30-day free trial - please click
here http://www.polyserve.com/form.html to download your free evaluation
copy, or to find out more about Understudy.

PolyServe, Inc.
Gary Hemminger, Director, Product Management

918 Parker Street, Suite A12
Berkeley, CA 94710
Phone: 510.665.2929/fax: 510.649.0660

2. DE450 on AlphaServer400

3. Setting up a basic High-Availability server

4. startx fails!!!!

5. High availability sun MySQL/Apache server?

6. GCC-Trouble !

7. high-availability redundant server systems

8. compatiblity problem between 2.2.0 and 2.2.9

9. Set up high availability web server clusters with Understudy!

10. Homegrown High Availability Print Server Solution Required

11. Adaptec SCSI card for High-availability file server.

12. High Availability Unix Web Server App