SSL certs on proxy pool?

Patrick Radtke phr2101 at columbia.edu
Wed Aug 2 13:29:11 EDT 2006


We have a mail.columbia.edu cert on each of our frontends.

They are behind a load balancer which has the name mail.columbia.edu.

Clients connect to the load balancer which passes them to one of the
frontends.
The CN name in the cert matches the name the client thinks they
connected to and things work fine.

-Patrick

On Aug 1, 2006, at 8:27 PM, Vincent Fox wrote:

>
> Wondering how people deal with SSL certs with multiple frontends?
>
> Do you put wildcard certs on the proxies and leave the SSL
> processing on each unit?
>
> Do you use an SSL-aware load-balancer and let it hold a cert for the
> published hostname and do the heavy lifting?
>
> If there's some 3rd way, I'm interested to hear it.
>
> I'm not really clear what would happen on a load-balancer with TLS
> switchovers, doesn't that imply the load-balancer has to be
> application-aware not just like a hardware version of stunnel?
>
> ----
> Cyrus Home Page: http://asg.web.cmu.edu/cyrus
> Cyrus Wiki/FAQ: http://cyruswiki.andrew.cmu.edu
> List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html
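
The setup described in this thread, as an added example that is not part of the original messages: a client validates the certificate against the name it dialed (the load balancer's published name), so every frontend in the pool must serve a cert covering that name, either exactly or through a wildcard. The frontend hostnames and pool contents below are constructed; only mail.columbia.edu comes from the thread.

```python
# Added example: audit which frontends serve a cert the client would accept
# for the published name. Pool data is constructed, not from the thread.

def name_matches(pattern: str, hostname: str) -> bool:
    """Match one certificate name against the hostname the client dialed.

    Uses the common RFC 6125 rules: case-insensitive, a wildcard is honoured
    only as the entire leftmost label, and it covers exactly one label.
    """
    p = pattern.lower().rstrip(".").split(".")
    h = hostname.lower().rstrip(".").split(".")
    if len(p) != len(h) or "" in p or "" in h:
        return False
    if p[0] == "*":
        # Require at least two fixed labels after the wildcard (no "*.edu").
        return len(p) >= 3 and p[1:] == h[1:]
    if "*" in pattern:
        return False  # partial or non-leftmost wildcards are rejected
    return p == h


def audit_pool(published_name, pool):
    """Return {frontend: reason} for frontends whose cert a client would reject.

    pool maps each frontend's own hostname to the names in the cert it serves.
    """
    problems = {}
    for frontend, cert_names in pool.items():
        if not any(name_matches(n, published_name) for n in cert_names):
            problems[frontend] = f"cert {cert_names} does not cover {published_name}"
    return problems


PUBLISHED = "mail.columbia.edu"  # published name from the thread
POOL = {  # constructed frontend hostnames and cert names
    "fe1.example.edu": ["mail.columbia.edu"],  # same cert on each frontend
    "fe2.example.edu": ["*.columbia.edu"],     # wildcard cert
    "fe3.example.edu": ["fe3.example.edu"],    # cert issued for the box itself
    "fe4.example.edu": ["*.edu"],              # over-broad wildcard, rejected
}

if __name__ == "__main__":
    for fe, why in audit_pool(PUBLISHED, POOL).items():
        print(fe, "->", why)
```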



More information about the Info-cyrus mailing list