SSL certs on proxy pool?
Andrew Morgan
morgan at orst.edu
Wed Aug 2 12:50:28 EDT 2006
On Tue, 1 Aug 2006, Vincent Fox wrote:
> Wondering how people deal with SSL certs with multiple frontends?
>
> Do you put wildcard certs on the proxies and leave the SSL processing on
> each unit?
>
> Do you use an SSL-aware load-balancer and let it hold a cert for the
> published hostname and do the heavy lifting?
>
> If there's some 3rd way, I'm interested to hear it.
>
> I'm not really clear what would happen on a load-balancer with TLS
> switchovers, doesn't that imply the load-balancer has to be
> application-aware not just like a hardware version of stunnel?

We use a ServerIronXL network load balancer here, with 2 frontends behind
it. It just load balances the network ports IMAP, IMAPS, and LMTP between
the 2 frontends (no SSL processing on it). We have a cname,
imap.onid.oregonstate.edu, which points at the load balancer. The cert
for imap.onid.oregonstate.edu is installed on both frontends.

Andy