LVS
lvs-users
Google
 
Web LinuxVirtualServer.org

Re: Verisign Certs

To: "Joseph Mack" <mack.joseph@xxxxxxx>
Subject: Re: Verisign Certs
Cc: "Linux Virtual Server Mail List" <lvs-users@xxxxxxxxxxxxxxxxxxxxxx>
From: "David D.W. Downey" <david.downey@xxxxxxxx>
Date: Mon, 16 Oct 2000 12:51:06 -0700
Actually what the set up is is as follows

we have a number of servers all named like ws-01.qixo.com, ws-02.qixo.com
ect ect. They also have the name ws-01.qixo.org|net assigned to them as
well. (Internal reasonings, don't ask :))

Now, the VIP is assigned www.qixo.com|net|org in the DNS server (for obvious
reasons). We have NO httpd running on any of the front end nodes. Everything
is totally backend. (No default http page at the moment if any of the real
servers are dead)

Now, since the VIP is named .org,.com,.net and the front end nodes are named
vs-00 and vs-01.qixo.org how would I work through this?

Example: client surfs in on www.QIXO.com which is, of course, either vs-01
or vs-00.qixo.com (whose base name is really vs-XX.qixo.org to tha machine).
The LVS feeds the request to any of the backend servers who are named
ws-XX.qixo.org (but which all have a /etc/hosts entry for their IP but named
.com).

We have like 40 domains all told assigned to the single VIP. I take it then
that I would ahve to redo the DNS and LVS to assign different IPs to the
different domains rather than feeding them all through 1? That I can
understand.

BUT, the certificates would actually be loaded from the real servers
comprising the cluster correct? If so, how do you assign multiple certs on a
single machine that all feeds to the same directory but via different
<Virtual Host> entries in the httpd.conf?

(Hope that this is clear enough on what I'm trying to do. Sometimes my
explaination skills are on the downside. :-/)



----- Original Message -----
From: Joseph Mack <mack.joseph@xxxxxxx>
To: David D.W. Downey <david.downey@xxxxxxxx>
Cc: Linux Virtual Server Mail List <lvs-users@xxxxxxxxxxxxxxxxxxxxxx>
Sent: Monday, October 16, 2000 12:37 PM
Subject: Re: Verisign Certs


> "David D.W. Downey" wrote:
> >
> > Hey all,
> >     The company is looking into adding on a Verisign certificate. Are
there
> > any issues with this?
> > At the moment the one thing I've had trouble with in this is that the
server
> > handles multiple domains coming through the VIP. How would I handle
getting
> > ALL the domains their own certificate?
>
> I take it you don't mean how to get a certificate from Verisign (ans=fill
in
> one of the worst html forms on the internet)
>
> I assume you mean something like "what do you need certificate wise to set
> up lots of https sites". You need a certificate for each website. The
> certificate is for the name, not the IP. You have multiple LVS
real-servers
> all with the same name, all using copies of the same certificate. Before
you
> spend all your money, set up some self-signed certificates  from the
> Snake Oil Co.
>
> Joe
> --
> Joseph Mack PhD, Senior Systems Engineer, Lockheed Martin
> contractor to the National Environmental Supercomputer Center,
> mailto:mack.joseph@xxxxxxx ph# 919-541-0007, RTP, NC, USA
>



<Prev in Thread] Current Thread [Next in Thread>