12-11-2008
loadbalanced http and ssl
Hello,
I have 2 Solaris 10 systems which are behind a load balancer, serving 50% of requests each. Both systems are installed with an application which runs Apache HTTP Server on ports 80 and 443. Both systems use the same virtual hostname, like app.domain.com. So when users hit http://app.domain.com in their browsers, they get the site served by listeners from any of the systems.
Now I want to add a CNAME so that if users hit http://application.domain.com then the site should work for them. I am sure it will work for HTTP.
How about https://application.domain.com?
I wonder what CN should be used to generate the CSR for both systems running the Apache web server with the same virtual hostname (which here is app.domain.com, and I don't want to change this to application.domain.com).
I guess both systems' Apache should have the same SSL certificate. How is this generally done for systems behind a load balancer?
If I am not wrong, there will also be an SSL key and certificate required on the load balancer device itself.
Can we have a certificate which can be used for 2 hostnames at the same time, like app.domain.com and also application.domain.com? Or can one use *.domain.com wildcard certs on all 3 systems? Or can one SSL certificate received from the CA, generated from one system's CSR, just be copied to all 3 systems (2 servers + 1 load balancer) with the corresponding SSL server key?
Other than this I have a general question:
I have an SSL certificate for a hostname valid for 2 more years, but I am putting in new hardware and a new installation of the web server. Can I just transfer the old key and certificate to the new server, as I want the new server to take over from the old one? Please let me know.
Thanks
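The multi-hostname request the post asks about, as an added example that is not part of the original post: one key and one CSR carrying both names as subjectAltName entries, plus a public-key comparison for confirming that a copied key still pairs with a CSR or certificate. It assumes OpenSSL 1.1.1 or later (for -addext); the function names and file names are illustrative.

```sh
#!/bin/sh
# Added example (not from the original post). Function names and file
# paths are illustrative. Requires OpenSSL 1.1.1+ for `req -addext`.

# make_san_csr KEYFILE CSRFILE CN NAME [NAME...]
# Writes a new 2048-bit RSA key and a CSR whose subjectAltName lists every NAME.
make_san_csr() {
    key=$1; csr=$2; cn=$3; shift 3
    san=""
    for name in "$@"; do
        san="${san:+$san,}DNS:$name"
    done
    openssl req -new -newkey rsa:2048 -nodes \
        -keyout "$key" -out "$csr" \
        -subj "/CN=$cn" -addext "subjectAltName=$san" &&
    chmod 600 "$key"
}

# csr_names CSRFILE: print the DNS names in the request, one per line.
csr_names() {
    openssl req -in "$1" -noout -text |
        grep -o 'DNS:[^,[:space:]]*' | sed 's/^DNS://'
}

# pubkey_hash key|csr|cert FILE: SHA-256 over the PEM public key.
pubkey_hash() {
    pem=$(case $1 in
        (key)  openssl pkey -in "$2" -pubout ;;
        (csr)  openssl req  -in "$2" -noout -pubkey ;;
        (cert) openssl x509 -in "$2" -noout -pubkey ;;
        (*)    false ;;
    esac 2>/dev/null) || return 1
    [ -n "$pem" ] || return 1
    printf '%s\n' "$pem" | openssl dgst -sha256
}

# same_key TYPE FILE TYPE FILE: succeed only if both hold the same public key.
same_key() {
    a=$(pubkey_hash "$1" "$2") || return 1
    b=$(pubkey_hash "$3" "$4") || return 1
    [ "$a" = "$b" ]
}

# Usage:
#   make_san_csr server.key server.csr app.domain.com \
#       app.domain.com application.domain.com
#   csr_names server.csr
#   same_key key server.key cert server.crt && echo "key matches certificate"
```

The same key and issued certificate can then be installed on each TLS endpoint; running same_key on every host after the copy catches a mismatched pair before the web server is restarted.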
Net::Server::Proto::SSL(3pm) User Contributed Perl Documentation Net::Server::Proto::SSL(3pm)
NAME
Net::Server::Proto::SSL - Net::Server SSL protocol.
SYNOPSIS
Until this release, it was preferable to use the Net::Server::Proto::SSLEAY module. Recent versions include code that overcomes original
limitations.
See Net::Server::Proto. See Net::Server::Proto::SSLEAY.
    use base qw(Net::Server::HTTP);
    main->run(
        proto         => 'ssl',
        SSL_key_file  => "/path/to/my/file.key",
        SSL_cert_file => "/path/to/my/file.crt",
    );

    # OR

    sub SSL_key_file  { "/path/to/my/file.key" }
    sub SSL_cert_file { "/path/to/my/file.crt" }
    main->run(proto => 'ssl');

    # OR

    main->run(
        port  => [443, 8443, "80/tcp"],  # bind to two ssl ports and one tcp
        proto => "ssl",                  # use ssl as the default
        ipv   => "*",                    # bind both IPv4 and IPv6 interfaces
        SSL_key_file  => "/path/to/my/file.key",
        SSL_cert_file => "/path/to/my/file.crt",
    );

    # OR

    main->run(port => [{
        port  => "443",
        proto => "ssl",
        # ipv => 4, # default - only do IPv4
        SSL_key_file  => "/path/to/my/file.key",
        SSL_cert_file => "/path/to/my/file.crt",
    }, {
        port  => "8443",
        proto => "ssl",
        ipv   => "*", # IPv4 and IPv6
        SSL_key_file  => "/path/to/my/file2.key", # separate key
        SSL_cert_file => "/path/to/my/file2.crt", # separate cert
        SSL_foo => 1, # Any key prefixed with SSL_ passed as a port hashref
                      # key/value will automatically be passed to IO::Socket::SSL
    }]);
DESCRIPTION
Protocol module for Net::Server based on IO::Socket::SSL. This module implements a secure socket layer over tcp (also known as SSL) via
the IO::Socket::SSL module. If this module does not work in your situation, please also consider using the SSLEAY protocol
(Net::Server::Proto::SSLEAY) which interfaces directly with Net::SSLeay. See Net::Server::Proto.
If you know that your server will only need IPv4 (which is the default for Net::Server), you can load IO::Socket::SSL in inet4 mode which
will prevent it from using Socket6 and IO::Socket::INET6 since they would represent additional and unused overhead.

    use IO::Socket::SSL qw(inet4);
    use base qw(Net::Server::Fork);
    __PACKAGE__->run(proto => "ssl");
PARAMETERS
In addition to the normal Net::Server parameters, any of the SSL parameters from IO::Socket::SSL may also be specified. See
IO::Socket::SSL for information on setting this up. All arguments prefixed with SSL_ will be passed to the IO::Socket::SSL->configure
method.
BUGS
Until Net::Server version 2, Net::Server::Proto::SSL used the default IO::Socket::SSL::accept method. This old approach introduces
a DDoS vulnerability into the server, where the socket is accepted, but the parent server then has to block until the client negotiates the
SSL connection. This has now been overcome by overriding the accept method and accepting the SSL negotiation after the parent socket has
had the chance to go back to listening.
LICENCE
Distributed under the same terms as Net::Server
THANKS
Thanks to Vadim for pointing out the IO::Socket::SSL accept was returning objects blessed into the wrong class.
perl v5.14.2 2012-05-29 Net::Server::Proto::SSL(3pm)