Re: Separate SSL cert for each NLB server?
- From: Roberto Franceschetti <rob-erto-do-not-spam@xxxxxxxxxx>
- Date: Sun, 10 Aug 2008 23:57:14 -0400
On 7/31/08 4:52 PM, in article ujO9S908IHA.1180@xxxxxxxxxxxxxxxxxxxx, "Mel
K" <M@xxxxx> wrote:
Hello:Licensing aside (commercial providers usually license certs per server), you
I have a load-balanced (MS NLB) cluster of two OWA servers that both respond
to https://owa.myfirm.com. Do I need to get a separate SSL cert for each
server, or can I just install the same SSL cert on both since they are both
NAT'd to the external IP address for owa.myfirm.com?
On a sort of related note, does a HTTPS site encrypt the URL also? If I
browse to https://www.myfirm.com, are the URLs to various links from that
site encrypted? For example, would the actual URL for
https://www.myfirm.com/corporate-strategy/microsoft-takeover/plan.html be
passed in clear text, even though the contents are encrypted? Or are both
the URL and contents encrypted?
Thank you.
can use the same certificate on both servers. Just make the SSL cert request
on one server, install the certificate when it's been approved and assigned,
then export it from the one server and import it onto the other. There's an
option in IIS to export the cert directly to the other machine, but I've
ever got that to work right...
As a side-note, if you install your own Certificate Authority , you can
issue yourself perfectly working certificates lasting 10-20 years (leaving
you worry-free from remembering to renew...). The only downside is that end
users from home will receive a security warning when browsing to the site as
the CA is not recognized by their browsers. If the users are "friendly"
(CEO's, managers, and "government" higher ups are usually not that kind),
then all it takes is for them to import the cert into their computers *once*
and from then on no more security warning... It will be as if you were using
a commercial cert. Internally to your firm, you can add any certificate you
wish to the trusted list of certificates in Active Directory, which will
prevent any security popups in your internal workstations.
--
Roberto Franceschetti
LogSat Software
http://www.logsat.com
.
- Prev by Date: Re: SSL Noob needs some help
- Next by Date: asp create folder under virtual directory
- Previous by thread: Re: Separate SSL cert for each NLB server?
- Next by thread: Re: SSL Certificate Errors on a re-direction
- Index(es):
Relevant Pages
|
