Sharing SSL Certificates in a Cluster

ssl share cluster

Hopefully a very simple question, if I wanted several servers providing the same service to hold a certificate (e.g interface.internal.org) would the procedure be;

  • Generate Public/Private Pair on one web server
  • Generate CSR and receive Certificate
  • Copy Private/Public Key Pair and Certificate to each server

Although there is the potential to place certificates at the load balancing layer, I wanted to investigate other ways - plus the servers have SSL accelerators so performance isn't really a factor.

Regards,

Tom


Solution 1:

Your procedure as indicated above should work

Solution 2:

Yes your procedure will work. If you are using a commercial SSL cert provider, check if you need to pay for additional licences for each extra cluster node. This is the case with Thawte, for example. If using internally generated certsthen this won't be an issue.

Solution 3:

That will work with apache, but IIS generates its own CSR for each server. Just watch out for that.

Related

Share Exchange/Outlook calendars between two different domains
WebResource.axd and ScriptResource.axd + 404 not found…
Apache mod_cache: Strip/ignore (only) Google Analytics cookies
Conditionally set client_max_body_size
How to make dovecot not ask passwords from localhost?
postgresql - Approach for 'live'/hot file backup?
Apache security - list all possible handlers / actions
VMware NAS/iSCSI recommendations - smallish organization
Secure Exchange mailboxes
Linux IPv6 loopback routes getting automatically added
Best practices for hardening/locking down Windows Server 2008 R2 for use as web server?
When HDD wakes up?