[TriLUG] SSL Certs
Ryan Leathers
Ryan.Leathers at globalknowledge.com
Fri Oct 22 15:03:19 EDT 2004
I have a farm of Jboss servers in my back 40 as well.
Rather than Local Director I chose to use LVS, but this is about the same.
I am using a single cert for the entire farm.
Just keep the same host name on all the servers and avoid the wildcard $$$.
Your other option is to cluster Jboss, in which case you don't need any
front end load balancing.
This should also offer superior performance. I don't do this myself since I
am forced to turn my app servers into private instances on a dime - again
LVS flexibility makes this easy.
Best o luck!
-----Original Message-----
From: Steve Hoffman [mailto:srhoffman at gmail.com]
Sent: Friday, October 22, 2004 2:29 PM
To: Triangle Linux Users Group discussion list
Subject: [TriLUG] SSL Certs
Ok, I don't claim to be any security expert, and it will probably show
in this message, please keep the teasing to a minimum <but feel free
to tease!>
I've never done a truly official SSL site, I've always generated a
self signed cert for personal use. Well I now need to BUY a cert for
our web-app, sounds easy right? Gets better.
First of all, the app servers are currently windows (I know..), but
they'll be replaced in a month or two with two brand spaking new Dell
poweredge 1750, RHEL3 boxes running jboss, and being load balanced by
a Cisco Local Director.
I already figured we'd need a wildcard cert because of the load
balancing and two machines serving the same webaddress, (is this a
correct assumption?), but if I buy the certs now won't I just have to
re-purchase new ones for the Linux boxes? I guess what I'm asking is
are the certificates OS independant, one version for win and another
for lin?
As always, any help greatly appreciated!
TriLUG mailing list : http://www.trilug.org/mailman/listinfo/trilug
TriLUG Organizational FAQ : http://trilug.org/faq/
TriLUG Member Services FAQ : http://members.trilug.org/services_faq/
TriLUG PGP Keyring : http://trilug.org/~chrish/trilug.asc
More information about the TriLUG
mailing list