SSL certs on proxy pool?

Andrew Morgan morgan at
Wed Aug 2 12:50:28 EDT 2006

On Tue, 1 Aug 2006, Vincent Fox wrote:

> Wondering how people deal with SSL certs with multiple frontends?
> Do you put wildcard certs on the proxies and leave the SSL processing on
> each unit?
> Do you use an SSL-aware load-balancer and let it hold a cert for the
> published hostname and do the heavy lifting?
> If there's some 3rd way, I'm interested to hear it.
> I'm not really clear what would happen on a load-balancer with TLS
> switchovers, doesn't that imply the load-balancer has to be
> application-aware not just like a hardware version of stunnel?

We use a ServerIronXL network load balancer here, with 2 frontends behind 
it.  It just load balances the network ports IMAP, IMAPS, and LMTP between 
the 2 frontends (no SSL processing on it).  We have a cname,, which points at the load balancer.  The cert 
for is installed on both frontends.


More information about the Info-cyrus mailing list