httpd-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Ali Jawad <alijaw...@gmail.com>
Subject [users@httpd] Question about CSR and load balancing to Apache servers.
Date Mon, 07 Sep 2009 19:41:04 GMT
Hi
I got the following network setup

                         |---Server A
Internet --load balancer---Server B
                         |---Server C

The load balancer will send the requests in round robin fashion, and
the traffic will be secured using HTTPS. All servers will host one
site using Apache2 with the same FQDN for all servers.

Having said that, should I generate ONLY one CSR on Server A, and
distribute the private key and result certificate to Apache servers on
server B and C, or should I generate three CSR, one per server and use
the resultant certificates each on it's respective Apache servers.

My concern is that if different CSR will be using on the servers , and
the browser creates the HTTPS session with server A, and then using
the load balancer request B goes to server B, and server B uses a
certificate generated using another CSR and private key, the HTTPS
session will break.

One other thing to note is that I do not have access to the load
balancer ,and since this is a hardware based load balancer it will
probably intercept the traffic before sending it to one of the
servers. Isn't this going to break the SSL session between the browser
and the Apache server.

Regards

---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
   "   from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org


Mime
View raw message