httpd-users mailing list archives

From "patrick kuah" <patrickk...@msn.com>
Subject Re: [users@httpd] ssl cert for multiple server
Date Wed, 15 Oct 2003 18:54:21 GMT
THANKS, Geoff  :)

I understand more clearly now :)

patrick


>From: Geoff Thorpe <geoff@geoffthorpe.net>
>To: users@httpd.apache.org
>CC: "patrick kuah" <patrickkuah@msn.com>
>Subject: Re: [users@httpd] ssl cert for multiple server
>Date: Wed, 15 Oct 2003 11:46:45 -0400
>
>Hi,
>
>On October 8, 2003 11:52 pm, patrick kuah wrote:
> > I have two web servers load balancing each other, can I use the same SSL
> > cert on both servers? Because I'm only load balancing one URL only. Is
> > there any issue between the client and server for SSL session if I'm
> > using the same cert for load balancing? My load balancing is using
> > round robin manner.
>
>You can use the same certificate and key on multiple web servers, but that
>won't solve the issue of SSL/TLS session caching and resumes. You either
>need to perform some kind of "SSL-sticky" load-balancing (ensuring that
>session resume requests from clients are routed to the same server each
>time) or share the session cache between the web-servers so that you can
>resume sessions from whichever server you route to. The latter approach
>is IMHO better because (a) sticky load-balancing is a point of failure,
>(b) load-balancing shouldn't balance according to SSL semantics, it
>should balance according to ... um ... load, and (c) this works better if
>one of your web-servers goes down temporarily. If you already have some
>load-balancing scheme in place, you probably have no choice but to try
>and share the cache between servers anyway or put up with failed resumes
>(and thus higher handshaking overhead).
>
>Mark and I did a paper on this quite a while ago, and some of the details
>may be a little dated now, but it might be useful to you;
>    http://www.geoffthorpe.net/apcon2000/
>
>As for the distributed session caching mooted in that paper, it has since
>been coded and is at;
>     http://www.distcache.org/
>
>Cheers,
>Geoff
>
>--
>Geoff Thorpe
>geoff@geoffthorpe.net
>http://www.geoffthorpe.net/
>



---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
   "   from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org
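
The resume behaviour described in the quoted reply, as an added example that is not part of the original thread: a toy Python model of session-ID resumption behind a round-robin balancer, comparing per-server caches with one shared cache. The names `Server` and `simulate` are hypothetical, and the model assumes each client always offers the last session ID it was given.

```python
import itertools
import secrets

class Server:
    """One web server; `cache` is the set of session IDs it can resume."""
    def __init__(self, cache):
        self.cache = cache

    def handshake(self, offered_id):
        """Return (session_id, resumed) for one client connection."""
        if offered_id is not None and offered_id in self.cache:
            return offered_id, True           # abbreviated handshake
        new_id = secrets.token_hex(16)        # full handshake, new session
        self.cache.add(new_id)
        return new_id, False

def simulate(n_servers, n_clients, rounds, shared):
    """Round-robin `rounds` connections per client; return (full, resumed)."""
    common = set()
    servers = [Server(common if shared else set()) for _ in range(n_servers)]
    balancer = itertools.cycle(servers)       # plain round robin, no stickiness
    held = [None] * n_clients                 # session ID each client offers next
    full = resumed = 0
    for _ in range(rounds):
        for c in range(n_clients):
            held[c], hit = next(balancer).handshake(held[c])
            resumed += hit
            full += not hit
    return full, resumed

if __name__ == "__main__":
    for shared in (False, True):
        full, resumed = simulate(n_servers=2, n_clients=3, rounds=10, shared=shared)
        label = "shared cache" if shared else "per-server caches"
        print(f"{label}: {full} full handshakes, {resumed} resumes")
```

With two clients and two servers the model resumes every time because each client happens to land on the same server, which real traffic does not guarantee.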

