httpd-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "patrick kuah" <>
Subject Re: [users@httpd] ssl cert for multiple server
Date Wed, 15 Oct 2003 18:54:21 GMT
THANK, Geoff  :)

I understand more clearly now :)


>From: Geoff Thorpe <>
>CC: "patrick kuah" <>
>Subject: Re: [users@httpd] ssl cert for multiple server
>Date: Wed, 15 Oct 2003 11:46:45 -0400
>On October 8, 2003 11:52 pm, patrick kuah wrote:
> > I have two web servers load balance each other, can i use the same ssl
> > Cert on both server ? because I'm only load balancing one url only. Is
> > there any issue between the client and server for ssl session if i'm
> > using the same cert for load balancing ???  My load balancing is using
> > round robin manner.
>You can use the same certificate and key on multiple web servers, but that
>won't solve the issue of SSL/TLS session caching and resumes. You either
>need to perform some kind of "SSL-sticky" load-balancing (ensuring that
>session resume requests from clients are routed to the same server each
>time) or share the session cache between the web-servers so that you can
>resume sessions from whichever server you route to. The latter approach
>is IMHO better because (a) sticky load-balancing is a point of failure,
>(b) load-balancing shouldn't balance according to SSL semantics, it
>should balance according to ... um ... load, and (c) this works better if
>one of your web-servers goes down temporarily. If you already have some
>load-balancing scheme in place, you probably have no choice but to try
>and share the cache between servers anyway or put up with failed resumes
>(and thus higher handshaking overhead).
>Mark and I did a paper on this quite a while ago, and some of the details
>may be a little dated now, but it might be useful to you;
>As for the distributed session caching muted in that paper, it has since
>been coded and is at;
>Geoff Thorpe

Find gifts, buy online with MSN Shopping.

The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:> for more info.
To unsubscribe, e-mail:
   "   from the digest:
For additional commands, e-mail:

View raw message