With SSL and LVS, you'll only need a single certificate for the VIP.
For example, say you had a site www.foobar.com. You wanted to provide HTTPS
access to this site. Say this site was load balanced onto four real servers. You
would purchase a certificate from Verisign for www.foobar.com and install that cert on each of
the real servers. Then you're done. One certificate for as many real servers as
you want.
You won't have to do anything with the certificates and the director.
Don't panic -- it's easy -- just get a cert for the
VIP and you'll be fine. Think of it this way... as far as the end-user is
concerned, he's connecting directly to the VIP. As far as the real server is
concerned, the real server is the only server serving that VIP. If you get
something for the VIP, you'll make everyone happy.
(Or rather -- you're not getting a cert for the VIP
as much as you are for the FQDN of the website in particular)
All the best --
Ted
----- Original Message -----
Sent: Thursday, September 07, 2000 10:37 AM
Subject: LVS farm and SSL certificates
Hi there,
I have a quick question regarding the use of SSL certificates in an LVS
setup.
In an LVS/DR environment, should I get a certificate for the VIP only or
one for each real server or one for all machines in the cluster? The client
browser/application will only access URLs with the VIP's hostname, but the
actual traffic will come from the real servers - according to Verisign (http://www.verisign.com/rsc/wp/certshare/index.html),
a load balancing setup requires separate certificates for each real server
(www1., www2, ....) but what about a certificate for the director (www.)?
I am a bit unsure about what to do ... any help/tips is appreciated!
Regards Andreas --
| Andreas Schiffler aschiffler@xxxxxxxx |
| Senior Systems Engineer - Deskplayer Inc., Buffalo |
| 4707 Eastwood Cres., Niagara Falls, Ont L2E 1B4, Canada |
| +1-905-371-3652 (private) - +1-905-371-8834 (work/fax) |
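Added example, not part of the original thread or of LVS: a small offline audit of the point made in the reply, that the client checks the certificate against the site FQDN it typed, so every real server must present a certificate naming www.foobar.com. The farm data, the server labels rs1..rs4 and the function names are constructed for illustration; the certificate dicts follow the shape returned by Python's ssl.SSLSocket.getpeercert(), and the name matcher is a simplified form of RFC 6125 matching.

```python
def name_matches(pattern: str, host: str) -> bool:
    """Simplified RFC 6125 match: exact, or '*' as the entire leftmost label."""
    p = pattern.lower().rstrip(".").split(".")
    h = host.lower().rstrip(".").split(".")
    if len(p) != len(h):
        return False          # a wildcard never spans more than one label
    if p[0] == "*":
        return len(p) > 2 and p[1:] == h[1:]   # refuse '*.com'-style names
    return p == h


def cert_names(cert: dict) -> list:
    """DNS names a client would check, from a getpeercert()-shaped dict."""
    sans = [v for k, v in cert.get("subjectAltName", ()) if k == "DNS"]
    if sans:
        return sans           # when SAN entries exist, the CN is ignored
    return [v for rdn in cert.get("subject", ()) for k, v in rdn
            if k == "commonName"]


def audit_farm(site_fqdn: str, farm: dict) -> dict:
    """Map each real server to 'ok' or to the reason a client would warn."""
    report = {}
    for server, cert in farm.items():
        names = cert_names(cert)
        if any(name_matches(n, site_fqdn) for n in names):
            report[server] = "ok"
        else:
            report[server] = f"mismatch: {names} does not cover {site_fqdn}"
    return report


# Constructed sample: certificates as installed on four real servers.
FARM = {
    "rs1": {"subject": ((("commonName", "www.foobar.com"),),)},
    "rs2": {"subject": ((("commonName", "www.foobar.com"),),),
            "subjectAltName": (("DNS", "www.foobar.com"),)},
    # Per-server name: clients asking for www.foobar.com would get a warning.
    "rs3": {"subject": ((("commonName", "www1.foobar.com"),),)},
    "rs4": {"subjectAltName": (("DNS", "*.foobar.com"),)},
}

if __name__ == "__main__":
    for server, verdict in audit_farm("www.foobar.com", FARM).items():
        print(server, verdict)
```

In a live check the dicts would come from a TLS connection made to each real server's own address while still validating against the site FQDN.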