[CLUE-Tech] apache + ssl + web server cluster + one domain name= nightmare

Dan Harris coronadh at coronasolutions.com
Mon Nov 26 17:36:24 MST 2001


This brings up a question I've had for a while.

My company runs a secure web application that isn't open to the general 
public.  We used to run it on NT4, which had a nice little cert server 
application included that allowed me to make my own FREE certificate. 
My users of course got the "there is a problem with this certificate" 
hubbub..but they have already elected to trust us with a signed 
contract..The encryption worked, that was all that mattered to both parties.

So we "upgraded" (koff) to Windows 2000 Server.  Of course, someone in 
Redmond saw that they were essentially giving away something of value 
and had this feature removed or hidden so well that I can't find it. 
After several frustrating hours of google-ing and digging through 
marketing hype I finally found a 1-year TRIAL certificate offer.. Ugh..

So, now that I have ported my app over to PHP4/Linux I am in need of 
another method of creating an SSL certificate.  I don't want to pay $$ 
to Verisign or the like for theirs.  I don't care if it gives the users 
a message..

I just need some way to make a FREE (not trial version) certificate for 
my use..

Can anyone point me in the right direction for this?

-Dan Harris


Mike Staver wrote:
> Yeah, it turns out I didn't get it working :(  For load balancing, I'm
> using cluster cats.  Now, I know it has something to do with cluster
> cats because I *should* be able to use just one cert, but try this.  Go
> to:
> 
> http://www.globaltaxnetwork.com
> 
> Cluster cats seems to be a dumb load balancer because it doesn't keep
> the name www.  It auto points you to www1, www2, or www3.  This is
> stupid I know, but apparently that's just the way it works.  Therefore,
> I need 3 certs, one for all three names.  Then the fun part.... if you
> type in https://www.globaltaxnetwork.com, apache gets confused because
> it's expecting a cert file for www while cluster cats is redirecting via
> ip address - so apache just sees somebody coming in on the ip, so it
> defaults to the www1, www2, or www3 cert.  The browser is still
> expecting www, so you get the warning.  So, I just tried setting the
> default to www and the name specific cert to the numbered names.  Still
> no go.  So, rather than using cluster cats, I'm about ready to use some
> other kind of load balancer.  Problem is, I need these boxes to share
> their cold fusion session variables, making cluster cats the only real
> option I think.  And yes, I did sign temp certs for myself, but our
> customers not being very web-savvy, just your average joe blow trying to
> get their taxes prepared, became confused.  They kept emailing and
> calling us telling us our website isn't secure, not taking the time to
> read the warning.  Which is still what's happening if somebody tries the
> url https://www.globaltaxnetwork.com.  So, this is more of a pr thing
> for us, rather than functional.  
> 
> Dave Anselmi wrote:
> 
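
The name mismatch described in the quoted message above, as an added example that is not part of the original thread: a browser-style name check run over four ways of issuing certificates to the three numbered hosts. The helper names and certificate name lists are constructed for illustration, and the multi-name and wildcard layouts are assumptions that go beyond what the thread discusses.

```python
"""Browser-style certificate name check for the hosts named in the thread.

Certificate name lists are constructed; no real certificate is parsed.
"""

SITE = "www.globaltaxnetwork.com"
NODES = [f"www{i}.globaltaxnetwork.com" for i in (1, 2, 3)]


def name_matches(pattern, host):
    """Compare one certificate DNS name with the host name in the URL.

    Only a whole left-most "*" label is treated as a wildcard, and it
    stands for exactly one label (the conservative RFC 6125 reading).
    """
    p = pattern.lower().rstrip(".").split(".")
    h = host.lower().rstrip(".").split(".")
    if len(p) != len(h) or "" in h:
        return False
    if p[0] == "*" and len(p) >= 3:
        return p[1:] == h[1:]
    return p == h


def unmatched(cert_names, hosts):
    """Hosts for which a browser would show a name-mismatch warning."""
    return [x for x in hosts if not any(name_matches(n, x) for n in cert_names)]


def audit(layout):
    """layout maps each node to the DNS names in the certificate it presents.

    A browser can reach a node under the public name (connection handed over
    by IP) or under the node's own name (after the redirect); check both.
    """
    return {node: unmatched(names, [SITE, node]) for node, names in layout.items()}


# Hypothetical certificate layouts; the last two go beyond the thread.
LAYOUTS = {
    "one cert per numbered name": {n: [n] for n in NODES},
    "the www cert on every node": {n: [SITE] for n in NODES},
    "one cert listing all four names": {n: [SITE] + NODES for n in NODES},
    "one wildcard cert": {n: ["*.globaltaxnetwork.com"] for n in NODES},
}

if __name__ == "__main__":
    for label, layout in LAYOUTS.items():
        print(f"{label}: {audit(layout)}")
```

Only the last two layouts leave every node with an empty warning list; the first two each fail for one of the two names a visitor can arrive under.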



