LinuxQuestions.org
Old 11-07-2007, 12:23 PM   #1
mlewis
Member
 
Registered: Mar 2006
Posts: 172

Rep: Reputation: 16
SSL Servers vs Apache SSL


I need to set up SSL on my network for our web sites.

I have standalone SSL servers which sit at the top of the network, intercepting SSL connections which offload the web servers.

My question is, should I use the SSL server or, if I use SSL on the web servers, will I need an SSL cert on every web server?

Mike
 
Old 11-09-2007, 02:45 AM   #2
acid_kewpie
Moderator
 
Registered: Jun 2001
Location: UK
Distribution: Gentoo, RHEL, Fedora, Centos
Posts: 43,414

Rep: Reputation: 1966
Well, you've said nothing about what these SSL servers are. I manage a number of F5 LTMs, which are just about *the* top end for dedicated SSL offload, and if you have a device as good as that, with physical SSL offload hardware, then use them if you can, absolutely. Your cert only needs to exist on the device doing the SSL, so if that's on an offload engine, that's one place; if it's 10 physical servers, that's 10 copies... It depends a lot on how SSL is used, though, in relation to the application. If the web app itself is controlling the bounce up to https from http based on various parameters, then that can be very tricky to extract from the app to an engine, but if it's an all-or-nothing thing it should be very simple.
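Why the application-controlled bounce from http to https gets tricky behind an offload device, as an added example (not code from this thread or from any product named in it): the application only ever sees plain HTTP from the offloader, so it has to learn the client's real scheme from a header and must accept that header only from the offloader. Assumptions: the offloader sets `X-Forwarded-Proto`, it sits in the constructed range 192.0.2.0/28, and the function names and paths are hypothetical.

```python
import ipaddress

# Assumption: addresses of the SSL offload devices (constructed, documentation range).
TRUSTED_OFFLOADERS = [ipaddress.ip_network("192.0.2.0/28")]

# Assumption: paths the application wants served only over HTTPS.
SECURE_PREFIXES = ("/login", "/account")


def effective_scheme(peer_ip, headers, socket_scheme="http"):
    """Return the scheme the client actually used.

    Behind an offloader every request reaches the app as plain HTTP, so the
    socket alone cannot answer this. X-Forwarded-Proto is honoured only when
    the TCP peer is one of the offloaders; from anyone else it is ignored,
    because a client can set the header itself.
    """
    peer = ipaddress.ip_address(peer_ip)
    if any(peer in net for net in TRUSTED_OFFLOADERS):
        proto = headers.get("X-Forwarded-Proto", "").strip().lower()
        if proto in ("http", "https"):
            return proto
    return socket_scheme


def https_redirect(peer_ip, headers, host, path):
    """Return the https:// URL to redirect to, or None to serve the request.

    `host` should be the configured site name, not a value taken from the request.
    """
    if not path.startswith(SECURE_PREFIXES):
        return None
    if effective_scheme(peer_ip, headers) == "https":
        return None  # already encrypted on the client side of the offloader
    return "https://" + host + path
```

Without the header check, a request for `/login` that arrived over HTTPS at the offloader would be redirected to HTTPS again on every pass, which is the redirect loop people usually hit first.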
 
Old 04-02-2008, 10:13 AM   #3
mlewis
Member
 
Registered: Mar 2006
Posts: 172

Original Poster
Rep: Reputation: 16
>well you've said nothing about what these ssl servers are.

Sorry for the lack of reply, I never received anything showing a reply to this thread.

The hardware is Lucent, I don't have the model number handy but can get it. They handle about 200 sessions each and can be chained. I have several of them. Hardware is not much of a problem though, I can get whatever I need pretty much.

>offload hardware, then use them if you can, absolutely. your cert only
>needs to exist on the device doing the SSL, so if that's on offload
>engine, that's one place, if it's 10 physical servers, that's 10
>copies... it depends a lot on how SSL is used though in relation to the
>application.

Right, so if I use multiple SSL servers, then I need certs on each one.

>if the web app itself is controlling the bounce up to https from http
>based on various parameters, then that can be very tricky to extract
>from the app to an engine, but if it's an all or nothing thing it
>should be very simple.

Well, I've had these things sitting here for some time and would like to put them to some good use. Plus, it would offload the servers anyhow which is always good.

But since I've not used them, I was/am not sure about some things, you know, if things get weird or complicated when using external SSL servers like this.

Mike
 
  


All times are GMT -5.
