Re: SSL certs on proxy pool?

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



On Tue, 1 Aug 2006, Vincent Fox wrote:

Wondering how people deal with SSL certs with multiple frontends?

Do you put wildcard certs on the proxies and leave the SSL processing on
each unit?

Do you use an SSL-aware load-balancer and let it hold a cert for the
published hostname and do the heavy lifting?

If there's some 3rd way, I'm interested to hear it.

I'm not really clear what would happen on a load-balancer with TLS
switchovers, doesn't that imply the load-balancer has to be
application-aware not just like a hardware version of stunnel?

We use a ServerIronXL network load balancer here, with 2 frontends behind it. It just load balances the network ports IMAP, IMAPS, and LMTP between the 2 frontends (no SSL processing on it). We have a cname, imap.onid.oregonstate.edu, which points at the load balancer. The cert for imap.onid.oregonstate.edu is installed on both frontends.

	Andy
----
Cyrus Home Page: http://asg.web.cmu.edu/cyrus
Cyrus Wiki/FAQ: http://cyruswiki.andrew.cmu.edu
List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html

[Index of Archives]     [Cyrus SASL]     [Squirrel Mail]     [Asterisk PBX]     [Video For Linux]     [Photo]     [Yosemite News]     [gtk]     [KDE]     [Gimp on Windows]     [Steve's Art]

  Powered by Linux