From: Andrew Morgan (no email)
Date: Wed Aug 02 2006 - 12:50:28 EDT

On Tue, 1 Aug 2006, Vincent Fox wrote:
> Wondering how people deal with SSL certs with multiple frontends?
>
> Do you put wildcard certs on the proxies and leave the SSL processing on
> each unit?
>
> Do you use an SSL-aware load-balancer and let it hold a cert for the
> published hostname and do the heavy lifting?
>
> If there's some 3rd way, I'm interested to hear it.
>
> I'm not really clear what would happen on a load-balancer with TLS
> switchovers, doesn't that imply the load-balancer has to be
> application-aware not just like a hardware version of stunnel?

We use a ServerIronXL network load balancer here, with 2 frontends behind
it. It just load balances the network ports IMAP, IMAPS, and LMTP between
the 2 frontends (no SSL processing on it). We have a cname,
imap.onid.oregonstate.edu, which points at the load balancer. The cert
for imap.onid.oregonstate.edu is installed on both frontends.

Andy
----
Cyrus Home Page: http://asg.web.cmu.edu/cyrus
Cyrus Wiki/FAQ: http://cyruswiki.andrew.cmu.edu
List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html