04-22-2010 06:18 AM
Just had a conversation with our application team. They are thinking/planning about moving a construct of approximate 10+ real servers that host around 70+ vhost to a single ACE context.
So far we only configured 1:1 relations in terms of context to ssl proxy.
Questions:
Thanks for reading
Roble
Solved! Go to Solution.
04-22-2010 07:46 AM
Hi,
If your server certificates have a common CA chain (or no CA chain) then the limit of 8 doesn't apply. AFAIK except for the general resource limits there are no restrictions on the number of SSL proxy servers per context.
Kind Regards
Cathy
04-22-2010 07:14 AM
Hi,
1. Yes - but there are limitations. Each context can only support 8 chaingroups. The SSL proxy server references the certificate and the chain group so I suspect you're likely to hit a limit unless most of the websites have a common chain. Each webserver will need its own Proxy server definition unless you use a wildcard certificate. It really depends on what you're hosting.
2. As above - yes unless you can use a wildcard certificate.
3. Works for me.
4. Not sure - it really depends on the exact requirements for the websites.
HTH
Cathy
04-22-2010 07:38 AM
Hey Cathy,
thanks for the quick answer.
When i am talking about multiple certificates i am not talking about intermediate certificates and therefore chaingroups. So if i stick to single certificate which can be verified by a known root cert the limit shouldn't apply.
Does the limit of 8 chaingroups also to proxy services?
The resource overview on the following link only mentions a total limit of 3800 certs.
Thanks for reading
Roble
04-22-2010 07:46 AM
Hi,
If your server certificates have a common CA chain (or no CA chain) then the limit of 8 doesn't apply. AFAIK except for the general resource limits there are no restrictions on the number of SSL proxy servers per context.
Kind Regards
Cathy
04-22-2010 07:49 AM
Thanks!
Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: