Most of the load balancers I have seen will either terminate the SSL
connection at the load balancer or simply just look at the header and
forward it appropriately.
If you need SSL form the load balancer to the backend server you can use
self signed certs
If you can't break the SSL until it gets to the final server because of
whatever requirements then it will greatly reduce what you can do with the
load balancer and it will just be a fancy router.
Also, some SSL providers allow for wild card certs as well, *.domain.com,
that may also work for you, but they are expensive from what I heard.
On Sun, Aug 15, 2010 at 12:25 PM, R P Herrold <
herrold@owlriver.com> wrote:
> On Sun, 15 Aug 2010, Lisa Kachold wrote:
>
> On Fri, Aug 13, 2010 at 11:50 PM, Bryan O'Neal <
>> Bryan.ONeal@theonealandassociates.com> wrote:
>>
>> So you do name based virtual hosts with SSL and without SNI? I would
>>> love to see your config files!
>>> - As always you teach us lowly mortals so much ;)
>>>
>>
> Which was not the question asked by Eric 'shubes', or that I answered, of
> course ---
>
> We were asked to have a load balancer or such at a public address, IN FRONT
> of a backend filled with a collection of potentially differing units, with
> RFC-1918 addressed backends and if the SSL tunnel might be established by
> the front end and used by the back ends.
>
> The answer remains: no
>
>
> Hey, I just bungle along too.
>>
>
> no argument from me on that -- seems you shoot from the hit a lot, though
>
> -- Russ herrold
>
> ---------------------------------------------------
> PLUG-discuss mailing list - PLUG-discuss@lists.plug.phoenix.az.us
> To subscribe, unsubscribe, or to change your mail settings:
> http://lists.PLUG.phoenix.az.us/mailman/listinfo/plug-discuss
>
---------------------------------------------------
PLUG-discuss mailing list -
PLUG-discuss@lists.plug.phoenix.az.us
To subscribe, unsubscribe, or to change your mail settings:
http://lists.PLUG.phoenix.az.us/mailman/listinfo/plug-discuss
(text/plain)