Domain – SSL Cert for one domain and multiple IPs

domainload balancingssl-certificate

I have a question about SSL certs and multiple servers.

Question:

I have one cert, one domain name and I have many servers that hold my website code.

Example.com can point to IPs 192.168.1.1, 192.168.1.2,192.168.1.3, and 192.168.1.4. one for USA North, USA South, USA East, USA West.

How do we apply this cert to that one domain name that can point to
multiple IPs?
Is a load balancing needed?

Best Answer

The IP address is not relevant for SSL/TLS on websites. What is important is that the name the browser uses (e.g. example.com) matches the name listed in the certificate. So, if you install the cert on many servers and somehow make sure you can reach them all with the same DNS name, things should work.
Does your application require load balancing? Would something simpler like RRDNS work? Anycast DNS entries? You need to know this, we can't tell you.

Related Solutions

IIS7 SSL – Can’t Set Host Name on Site with SSL Cert and Port 443

You can't do it from the UI, you have to do it from the command line. Here's a nice walk through of the process:

http://www.sslshopper.com/article-ssl-host-headers-in-iis-7.html

Ssl – Multiple SSL certs with Stunnel

You need to use TLS SNI to be able to present two different certificates on the same listening port. Be aware that some clients, notably most browsers running under Windows XP, do not support SNI.

See the sni option in the documentation. Split your certificates into different files (the same private key is used for both public certificates):

[https]
cert = /etc/ssl/domain.com.pem
accept  = 443
connect = 80

[domain]
sni = https:domain.com
sni = https:www.domain.com
cert = /etc/ssl/domain.com.pem
connect = 80

[manager]
sni = https:manager.domain.com
cert = /etc/ssl/manager.domain.com.pem
connect = 80

Best Answer

Related Solutions

IIS7 SSL – Can’t Set Host Name on Site with SSL Cert and Port 443

Ssl – Multiple SSL certs with Stunnel

Related Topic