Failover with webserver with private SSL certs

svancouw · 10-23-2007, 03:55 PM

I have two servers that I've set up, and I've been researching a way to set up automatic failover/clustering. This does not seem difficult to do, with one exception.

SSL certs. An SSL cert is bound to one IP only. How do I set up clustering so that I can host my sites with SSL certs? Do I just buy two certs and keep a slightly different version of my site on each server in case of failure? I plan on using rsync to keep the majority of the pages and databases current between systems.

I'm looking at using the Hercules Load Balancer Virtual Appliance (based on pen) posted on vmware's site (http://www.vmware.com/appliances/directory/300).

Is there another method that is out there that I'm not seeing that doesn't cost an arm and a leg?

Thanks for the help!

acid_kewpie · 10-23-2007, 04:17 PM

It is not bound to one ip at all. That relationship is one https server can only reference one certificate. you can put that certificate on as many boxes as you feel like, but all of those boxes can only serve the same website over https.

svancouw · 10-23-2007, 05:00 PM

Perhaps I was getting that confused with the fact that you can only have one SSL cert per IP without problems. This has to do with the fact that port 443 will serv up the first available website for that IP, correct? SSL certs cannot properly handle vhost name-based configurations.

Turns out that you *can* buy a cert to be permanently bound to only one IP, but it's not required. I didn't find that info in my last few searches.

I've got about 8 IPs to play with on each server.

Thank you for pointing me in the right direction. This certainly simplifies matters.