[CLUE-Tech] apache + ssl + web server cluster + one domain name = nightmare
Jeremiah Stanley
miah at miah.org
Mon Nov 26 13:45:40 MST 2001
> Alright, I have a question that I'm hoping somebody out there can
> answer. I have a certificate for the domain name
> www.globaltaxnetwork.com. Unfortunately as verisign works, I also had
> to buy signed certs for:
Technically speaking, you should be able to get a certificate that uses
the glob *.yourdomainhere.com which would allow you to use the cert for
all of your servers in your domain (not as secure though).

I believe that Thawte or Verisign (it's been a while) have a solution that
you would be able to buy a 'generic' cert to run all your boxes off of.

I could soapbox about how this should be opened up and not let Verisign
(who owns Thawte BTW) have a monopoly on the SSL certificate market. The
technology behind this is so trivial (anymore) that it would only take
getting a CA (certificate of authority) into all browsers shipping (like
IE, Netscape, Opera, Konqueror and Mozilla) to undermine their market with
a cheap/free alternative.

That's the cert side of the problem. I don't know how your load balancer
is working (too many ways to name) but you might be able to configure it
to do a DNS round robin and then tell Apache that all four of your servers
are the same hostname (making your CERTS work). And, round robin load
balancing is supported in BIND 8.2.3 and 9.1, BTW. Just a thought, I hope
that isn't too confusing.
JStanley
--
Everybody has a right to be stupid, but some people abuse the privilege.
- Joseph Stalin
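
Added example (not part of the original message): a simplified Python model of the name check a client makes, showing why per-machine certs fail behind one round-robin name while a shared or wildcard cert passes on every backend. The function names, the example.com hosts and the 192.0.2.x addresses are constructed, and real clients apply more rules than this.

```python
# Added example. Host names and addresses are constructed (RFC 2606 / RFC 5737).

def name_matches(cert_name, host):
    """Simplified check: does a certificate name cover the requested host?"""
    cert = cert_name.lower().rstrip(".").split(".")
    want = host.lower().rstrip(".").split(".")
    if len(cert) != len(want):
        return False              # a wildcard stands for exactly one label
    if cert[0] == "*":
        # refuse over-broad patterns such as "*.com" and empty first labels
        return len(cert) >= 3 and want[0] != "" and cert[1:] == want[1:]
    return cert == want


def mismatches(requested_host, backends):
    """Addresses in the round-robin pool whose certificate would trigger a
    name warning for a client that asked for requested_host."""
    return sorted(addr for addr, cert_name in backends.items()
                  if not name_matches(cert_name, requested_host))


SITE = "www.example.com"
# One certificate per machine name, all answering for SITE via round robin.
PER_HOST = {"192.0.2.11": "www.example.com", "192.0.2.12": "www2.example.com",
            "192.0.2.13": "www3.example.com", "192.0.2.14": "www4.example.com"}
# The same certificate (and hostname) on every machine.
SHARED = {addr: SITE for addr in PER_HOST}
# A wildcard certificate on every machine.
WILDCARD = {addr: "*.example.com" for addr in PER_HOST}

if __name__ == "__main__":
    for label, pool in (("per-host", PER_HOST), ("shared", SHARED),
                        ("wildcard", WILDCARD)):
        print(label, "-> mismatching backends:", mismatches(SITE, pool))
    # The wildcard also covers every other single-label name in the domain,
    # so a key taken from one box is valid for all of them.
    for host in ("mail.example.com", "example.com", "a.b.example.com"):
        print(host, name_matches("*.example.com", host))
```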