[lvs-users] https connections

Dan Yocum yocum at fnal.gov
Mon Oct 29 14:13:59 GMT 2007



Joseph Mack NA3T wrote:
> On Thu, 25 Oct 2007, Joseph Mack NA3T wrote:
> 
>> wonderful. People fall all over https on lvs and Graeme has
>> been rescuing everyone.
> 
> I don't suppose you know if you can run two https sites with 
> the same IP (like you can for http)?

It is possible to create a service certificate with a wildcard in the CN 
string.  We've got a few of these at Fermi.  I think this would enable 
the ability to get around the catch-22 of having to read the http 
request header before the ssl handshake is completed - the handshake is 
still completed before reading the header, but since you've got a 
wildcard in the CN, it should succeed, then the server can read the 
header and redirect appropriately.

So, yes, I think it can be done for a special use case where the servers 
have similar enough hostnames that a suitable certificate can be 
generated.  I'll ask around to see if anyone here is doing that.

Cheers,
Dan


-- 
Dan Yocum
Fermilab  630.840.6509
yocum at fnal.gov, http://fermigrid.fnal.gov
Fermilab.  Just zeros and ones.
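
The "similar enough hostnames" limit described in the message above, as an added example that is not part of the original post: a sketch of wildcard certificate name matching in the style of RFC 6125, showing which virtual hosts on a shared IP one wildcard CN would cover. The function names and all hostnames are constructed for illustration, and the matching rules are this example's conservative choices.

```python
# Added illustration: which hostnames does a wildcard certificate name cover?
# All hostnames here are constructed sample values.

def wildcard_matches(pattern: str, hostname: str) -> bool:
    """Return True if certificate name `pattern` covers `hostname`.

    Rules used in this example (conservative): comparison is
    case-insensitive; '*' is accepted only as the entire left-most label;
    it stands for exactly one label; and at least two labels must follow it.
    """
    p_labels = pattern.lower().rstrip(".").split(".")
    h_labels = hostname.lower().rstrip(".").split(".")
    if "*" not in pattern:
        return p_labels == h_labels
    # The wildcard must be the whole left-most label and appear nowhere else.
    if p_labels[0] != "*" or any("*" in label for label in p_labels[1:]):
        return False
    # Refuse overly broad patterns such as "*.org".
    if len(p_labels) < 3:
        return False
    # '*' stands for exactly one non-empty label, so label counts must agree.
    if len(h_labels) != len(p_labels) or not h_labels[0]:
        return False
    return p_labels[1:] == h_labels[1:]


def vhosts_needing_own_cert(pattern, vhosts):
    """Names on the shared IP that the wildcard certificate does not cover."""
    return [h for h in vhosts if not wildcard_matches(pattern, h)]


if __name__ == "__main__":
    cert_name = "*.example.org"  # constructed wildcard CN
    vhosts = ["www.example.org", "Mail.Example.org", "example.org",
              "a.b.example.org", "www.example.net"]
    for host in vhosts:
        print(f"{host:20} covered={wildcard_matches(cert_name, host)}")
    print("uncovered:", vhosts_needing_own_cert(cert_name, vhosts))
```

Names that come back as uncovered (the bare domain, deeper subdomains, other domains) would fail hostname verification in the client if served with that certificate on the shared IP.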

