[TriLUG] SSL Certs
Matt Pusateri
mpusateri at wickedtrails.com
Fri Oct 22 15:13:50 EDT 2004
On Fri, October 22, 2004 2:55 pm, Tanner Lovelace said:
><SNIP>
>> First of all, the app servers are currently windows (I know..), but
>> they'll be replaced in a month or two with two brand spaking new
>> Dell
>> poweredge 1750, RHEL3 boxes running jboss, and being load balanced
>> by
>> a Cisco Local Director.
>>
>> I already figured we'd need a wildcard cert because of the load
>> balancing and two machines serving the same webaddress, (is this a
>> correct assumption?), but if I buy the certs now won't I just have
>> to
>> re-purchase new ones for the Linux boxes? I guess what I'm asking
>> is
>> are the certificates OS independant, one version for win and another
>> for lin?
>
> Excellent question, Steve. To answer your last question first, yes,
> SSL certificates are (afaik) OS independent. You should be able
> to use the same certificate on either windows or linux. The way you
> install and use the certificate will be different, but the certificate
> itself
> should be the same.
>
Hm, having bought Certificates for both. I believe they are indeed
different, not that they should be. I always thought MS did their
cert slightly different than OpenSSL. I know the Thawte certs I
bought always wanted me to pick when ordering which type of server you
want the cert to end up on. My recommendation if the CA says they are
different and I think they are, then most likely they will want you to
pay to change the cert to the other format. Can you self sign the
certs on the windows boxes until the Dell's come in and then when you
rollout the Dell's use real certs? Also I believe if you mention to
the CA that it will be multiple servers, they will want you to get a
wildcard cert as they want you to buy multiple certs. Also one of the
things the CA will want to do is do a hostname lookup on your server
to make sure it resolves properly. This is two fold. One to validate
that you are doing what you say you are doing. And Two, to make sure
you are not using multiple machines.
Matt Pusateri
More information about the TriLUG
mailing list