3

Hopefully a very simple question: if I wanted several servers providing the same service to hold a certificate (e.g. interface.internal.org), would the procedure be:

  • Generate Public/Private Pair on one web server
  • Generate CSR and receive Certificate
  • Copy Private/Public Key Pair and Certificate to each server

Although there is the potential to place certificates at the load balancing layer, I wanted to investigate other ways - plus the servers have SSL accelerators so performance isn't really a factor.

Regards,

Tom

Tom Werner

3 Answers

5

Your procedure as indicated above should work.

Dominik
3

Yes, your procedure will work. If you are using a commercial SSL cert provider, check if you need to pay for additional licences for each extra cluster node. This is the case with Thawte, for example. If using internally generated certs then this won't be an issue.

William
  • The certificate licensing is a worthy note, thankfully my chosen supplier allows deployment throughout a network. – Tom Werner Feb 22 '10 at 21:52
1

That will work with Apache, but IIS generates its own CSR for each server. Just watch out for that.

Stephen Thompson
  • Cheers, thanks for the heads up, thankfully I am using OAS (Apache based I believe) – Tom Werner Feb 22 '10 at 21:44
  • You can generate a single request, get the cert and install it, then export the key\cert pair and put it on the other servers. Provided you haven't flagged it as non-exportable in the first place (or don't want to resort to hacking) – Helvick Feb 22 '10 at 22:10
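
The three steps from the question, written out with OpenSSL as an added example that is not part of the original thread, plus a check to run on each node after copying that confirms the private key and certificate belong together. The file names, the function names and the self-signed certificate standing in for the CA-issued one are assumptions, and the key is assumed to be stored without a passphrase.

```shell
#!/bin/sh
# Added example: function names, file names and the self-signed "CA" are assumptions.
set -eu
CN="interface.internal.org"   # shared service name from the question

# Steps 1-2: on ONE server, create the private key (mode 0600) and the CSR.
make_key_and_csr() {   # $1 = output directory
    ( umask 077; openssl genrsa -out "$1/server.key" 2048 2>/dev/null )
    openssl req -new -key "$1/server.key" -subj "/CN=$CN" -out "$1/server.csr"
}

# Stand-in for the CA so the example runs offline: self-sign the CSR.
issue_cert() {   # $1 = directory holding server.key and server.csr
    openssl x509 -req -in "$1/server.csr" -signkey "$1/server.key" \
        -days 30 -out "$1/server.crt" 2>/dev/null
}

# SHA-256 of the PEM public key taken from a certificate or a private key.
# Fails on unreadable input instead of hashing an empty string.
pub_digest() {   # $1 = cert|key, $2 = file
    case "$1" in
        cert) pem=$(openssl x509 -in "$2" -noout -pubkey 2>/dev/null) || return 1 ;;
        key)  pem=$(openssl pkey -in "$2" -pubout 2>/dev/null) || return 1 ;;
        *)    return 1 ;;
    esac
    [ -n "$pem" ] || return 1
    printf '%s\n' "$pem" | openssl dgst -sha256 -r | cut -d' ' -f1
}

# Step 3 check, run on every node after the copy.
# Returns 0 = pair matches, 1 = mismatch, 2 = a file could not be parsed.
pair_matches() {   # $1 = certificate, $2 = private key
    c=$(pub_digest cert "$1") || return 2
    k=$(pub_digest key "$2") || return 2
    [ "$c" = "$k" ]
}

demo() {
    d=$(mktemp -d); mkdir "$d/origin" "$d/node2"
    make_key_and_csr "$d/origin"; issue_cert "$d/origin"
    # cp stands in for a secure transfer (e.g. scp) to the second server.
    cp -p "$d/origin/server.key" "$d/origin/server.crt" "$d/node2/"
    pair_matches "$d/node2/server.crt" "$d/node2/server.key" \
        && echo "node2: key and certificate match"
    rm -rf "$d"
}
demo
```
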