httpd-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Robert Andersson" <rob...@profundis.nu>
Subject Re: [users@httpd] ssl cert for multiple server
Date Wed, 15 Oct 2003 05:27:58 GMT
patrick kuah wrote:
> I have two web servers load balance each other, can i use the same ssl
> Cert on both server ? because I'm only load balancing one url only.
> Is there any issue between the client and server for ssl session if i'm
> using the same cert for load balancing ???  My load balancing is using
> round robin manner.

I'm no expert on either SSL nor load balancing, but I can image the
combination to be tricky. Otherwise, HTTP is a sessionless protocol, so one
request can go to one server, and the next to another. But, with SSL all
communication, after the SSL session is setup, must be to the same server.

If you mean DNS round robin, where your DNS server resolve your hostname to
one of the server every second time, and vice versa, then it will probably
work most of the time, because the client cache the IP. I'm not too sure
about this though.

A alternate solution, if you are having problems, is to have a common entry
point, say http://secure.domain.tld/ that randomly redirects to
https://secure1.domain.tld/ and https://secure2.domain.tld/, which resolves
to a specific box. Assuming your certificate is for "domain.tld", this would
be essentially the same as the DNS round robin solution.

Regards,
Robert Andersson


---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
   "   from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org


Mime
View raw message