Linux - NetworkingThis forum is for any issue related to networks or networking.
Routing, network cards, OSI, etc. Anything is fair game.
Notices
Welcome to LinuxQuestions.org, a friendly and active Linux Community.
You are currently viewing LQ as a guest. By joining our community you will have the ability to post topics, receive our newsletter, use the advanced search, subscribe to threads and access many other special features. Registration is quick, simple and absolutely free. Join our community today!
Note that registered members see fewer ads, and ContentLink is completely disabled once you log in.
If you have any problems with the registration process or your account login, please contact us. If you need to reset your password, click here.
Having a problem logging in? Please visit this page to clear all LQ-related cookies.
Get a virtual cloud desktop with the Linux distro that you want in less than five minutes with Shells! With over 10 pre-installed distros to choose from, the worry-free installation life is here! Whether you are a digital nomad or just looking for flexibility, Shells can put your Linux machine on the device that you want to use.
Exclusive for LQ members, get up to 45% off per month. Click here for more info.
well you've said nothing about what these ssl servers are. I manage a number of F5 LTM's, which are just about *the* top end for dedicated ssl offload, and if you have a device as good as that, with physical SSL offload hardware, then use them if you can, absolutely. your cert only needs to exist on the device doing the SSL, so if that's on offload engine, that's one place, if it's 10 phsyical servers, that's 10 copies... it depends a lot on how SSL is used though in relation to the application. if the web app itself is controlling the bounce up to https from http based on various parameters, then that can be very tricky to extract from the app to an engine, but if it's an all or nothing thing it should be very simple.
>well you've said nothing about what these ssl servers are.
Sorry for the lack of reply, I never received anything showing a reply to this thread.
The hardware is Lucent, I don't have the model number handy but can get it. They handle about 200 sessions each and can be chained. I have several of them. Hardware is not much of a problem though, I can get what ever I need pretty much.
>offload hardware, then use them if you can, absolutely. your cert only >needs to exist on the device doing the SSL, so if that's on offload
>engine, that's one place, if it's 10 phsyical servers, that's 10 >copies... it depends a lot on how SSL is used though in relation to the >application.
Right, so if I use multiple SSL servers, then I need certs on each one.
>if the web app itself is controlling the bounce up to https from http >based on various parameters, then that can be very tricky to extract
>from the app to an engine, but if it's an all or nothing thing it
>should be very simple.
Well, I've had these things sitting here for some time and would like to put them to some good use. Plus, it would offload the servers anyhow which is always good.
But since I've not used them, I was/am not sure about some things, you know, if things get weird or complicated when using external SSL servers like this.
LinuxQuestions.org is looking for people interested in writing
Editorials, Articles, Reviews, and more. If you'd like to contribute
content, let us know.