Solved: SSL Certificate Question

pingwarrior · ‎01-17-2008

Hi, I have a question. I have 2 CSS11501 to load balance 2 SSL Web Server(https) where I just simply load balance SSL traffic without terminating SSL traffic inside CSS(no SSL module). I am going to request 2 SSL certificates from CA where "host" of subject in certificate is not domain name but is IP address. Normally people will use domain name such as abc.com to submit their signing request of certificate to CA, but in my case where I not using domain name in my network, thus I will use IP address to submit the signing request of certificate to CA. My question is the IP address of the "host" of certificate for submitting certificate signing request have to be virtual IP of content rule or the real IP address of each server respectively?

Gilles Dufour · ‎01-17-2008

the browser checks if the name inside the certificate matches with the host name typed in the url.

Since you are using ip addresses, I believe you need to use the virtual ip as this is what the user will type.

So, 1 certificate should be enough.

Gilles.

View solution in original post

Gilles Dufour · ‎01-17-2008

the browser checks if the name inside the certificate matches with the host name typed in the url.

Since you are using ip addresses, I believe you need to use the virtual ip as this is what the user will type.

So, 1 certificate should be enough.

Gilles.

pingwarrior · ‎01-17-2008

Thanks qdufour for your quick answer and help. Your answer make sense and I will try it out.