>>I would like to ask how to set up 2 web servers using SSL in a High
>>I mean that both servers would have the same name (i.e. www.HAserver.com) and
>>both servers would need to have a certificate where the subject's name, DN, UID,
>>OU and so on would need to be exactly the same.
>>Do you use the same or different certificates on each one of them??????? I
>>hope someone has already encountered this same "problem" and can give me some
>If you can install the same private key on both servers, you can use
>the same certificate on both. The certificate is just an
>authenticated statement from the certification authority that the
>domain name really belongs to you.
Right, and while you would normally use the same certificate, you
need to be careful about how you implement the HA.
If it is failover, no problem.
If it is load balancing, then you need to have some way to ensure
that once a browser establishes an SSL "session" with the server,
all subsequent requests go to the same server. It will work fine if you
don't do this, but will be more resource intensive and have a fairly
significant slowdown to the user since it will have to establish
the session over and over for every single hit.
An SSL session is normally maintained over multiple SSL requests to a
server to avoid the expense of establishing the session every hit.
Some load balancers (like big/ip from f5; if it works or not is
another question...) have explicit support for SSL sessions so they
can direct future requests to the server that handled the original
request. Some load balancers use lower-tech (and possibly problematic)
solutions of just using the source IP address to direct them to
the same machine.
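
The trade-off described in the reply above, as an added example that is not part of the original thread: a small simulation of two backends with unshared session caches, counting full handshakes versus resumptions under three balancing policies. The policy names, addresses, session IDs and the `roaming` clients (whose source address changes on every hit, for instance behind a pool of proxies) are assumptions made for the illustration; the post does not say which source-IP problem it has in mind.

```python
import itertools

class Backend:
    """One web server with its own, unshared SSL session cache."""
    def __init__(self, name):
        self.name, self.sessions = name, set()
        self.full = self.resumed = 0

    def handle(self, sid):
        """Resume if this server issued sid, otherwise do a full handshake."""
        if sid in self.sessions:
            self.resumed += 1
            return sid
        self.full += 1
        sid = f"{self.name}-{len(self.sessions)}"  # constructed session ID
        self.sessions.add(sid)
        return sid

def simulate(policy, n_clients=21, hits=10, roaming=0):
    """Return (full_handshakes, resumptions) summed over two backends.

    roaming = number of clients whose source IP differs on every hit
    (assumption: e.g. clients behind a pool of outbound proxies).
    n_clients is odd so plain round robin really alternates servers.
    """
    backends = [Backend("web0"), Backend("web1")]
    rr = itertools.cycle(backends)
    by_session = {}              # balancer's session ID -> backend table
    sids = [None] * n_clients    # session ID each client currently holds
    for hit in range(hits):
        for c in range(n_clients):
            # Last octet of the (constructed) source address for this request.
            octet = hit + 1 if c < roaming else c + 1
            if policy == "round_robin":
                b = next(rr)
            elif policy == "source_ip":
                b = backends[octet % len(backends)]
            elif policy == "ssl_session":
                b = by_session.get(sids[c]) or next(rr)
            else:
                raise ValueError(policy)
            sids[c] = b.handle(sids[c])
            by_session[sids[c]] = b
    return sum(b.full for b in backends), sum(b.resumed for b in backends)

if __name__ == "__main__":
    for policy in ("round_robin", "source_ip", "ssl_session"):
        for roaming in (0, 5):
            print(policy, roaming, simulate(policy, roaming=roaming))
```

Every request still succeeds under all three policies; what changes is how many of the 210 hits pay for a full handshake.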