Sharing SSL Certificates in a Cluster

Hopefully a very simple question, if I wanted several servers providing the same service to hold a certificate (e.g interface.internal.org) would the procedure be;

  • Generate Public/Private Pair on one web server
  • Generate CSR and receive Certificate
  • Copy Private/Public Key Pair and Certificate to each server

Although there is the potential to place certificates at the load balancing layer, I wanted to investigate other ways - plus the servers have SSL accelerators so performance isn't really a factor.

Regards,

Tom


Solution 1:

Your procedure as indicated above should work

Solution 2:

Yes your procedure will work. If you are using a commercial SSL cert provider, check if you need to pay for additional licences for each extra cluster node. This is the case with Thawte, for example. If using internally generated certsthen this won't be an issue.

Solution 3:

That will work with apache, but IIS generates its own CSR for each server. Just watch out for that.