0

We cannot seem to find documentation on how to set up WebLogic with SSL in the following configuration:

  • Load balancer which balances (round robin) to two WebLogic Managed Server nodes.
  • So, a user goes to mywebsite.mydomain.com, which hits the load balancer, which sends traffic to one of the two managed nodes.
  • We assume we would create a single certificate for mywebsite.mydomain.com and install this certificate on each of the WebLogic managed server nodes.

Is this procedure correct? We can find documentation on how to set up SSL for a non load-balanced server (all traffic goes to one managed server), but cannot find documentation for how to set up SSL for our configuration.

Please help!

BestPractices

1 Answer

2

You didn't mention what type of load balancer you're using, but usually the way this works is that the load balancer will ARP-advertise the public IP that mywebsite.mydomain.com resolves to. This SAME IP address is set up as an alias on each server that participates in the pool, but that IP address is configured to not broadcast ARP replies. A layer 4 load balancer receives the request, rewrites the destination MAC to one of the servers in the pool, and sends it over a local switch. The server that receives it now processes the request and replies directly to the gateway, bypassing the load balancer on the return path.

By not ARPing for the "virtual" address that is on all of the servers, you essentially get one certificate that is valid for multiple machines, as the machines are spoofing the address the certificate resolves to. Long before star certificates, geographical distribution, and high-performance reverse proxies, this was the cheap way to get one certificate to stretch way out for a huge pool of SSL servers.

You might also investigate using a reverse proxy that supports SSL to non-SSL, and allows putting the certificate on the proxy itself.

Essobi
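
The reverse-proxy option from the answer above, sketched as an added example that is not part of the original answer: the certificate for mywebsite.mydomain.com lives only on the proxy, which balances round robin across the two managed servers. nginx is an assumed choice of proxy (the thread names none), and the backend host names, port and file paths are placeholders.

```nginx
# Added example: TLS terminates here, so the managed servers need no certificate.
# Backend hosts, port 8001 and all file paths below are placeholders.

upstream weblogic_managed {
    # With no balancing directive, nginx distributes requests round robin.
    server wls-node1.internal.example:8001;
    server wls-node2.internal.example:8001;
}

server {
    # Send plain-HTTP visitors to the TLS listener.
    listen 80;
    server_name mywebsite.mydomain.com;
    return 301 https://$host$request_uri;
}

server {
    listen 443 ssl;
    server_name mywebsite.mydomain.com;

    # Single certificate (with its chain) and key, held only on the proxy.
    ssl_certificate     /etc/nginx/tls/mywebsite.mydomain.com.fullchain.pem;
    ssl_certificate_key /etc/nginx/tls/mywebsite.mydomain.com.key;
    ssl_protocols       TLSv1.2 TLSv1.3;

    location / {
        # The hop to the managed servers is plain HTTP; keep it on a
        # network segment that only the proxy can reach.
        proxy_pass http://weblogic_managed;

        proxy_set_header Host              $host;
        proxy_set_header X-Forwarded-For   $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto https;

        # WebLogic honours this header when "WebLogic Plugin Enabled" is set,
        # so the application sees the request as secure and builds https://
        # URLs in redirects.
        proxy_set_header WL-Proxy-SSL      true;
    }
}
```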