Saturday, November 15, 2014

linux - Load Balancer and using multiple SSL certificates

Here is our current production configuration at a 3rd party data center:



•2 LINUX/CentOS tomcat web servers behind a shared load balancer
•DNS entries point to the load balancer

•Web apps are written using Java 6, Spring 3, Hibernate 4.



The data center techs have told us that in order to use the load balancer to forward port 80 to 8080, and forward 443 to 8443 (so we don't have port numbers in our URLs) we must have SSL certificates installed on BOTH the load balancer AND on the tomcat web server. But this affects our performance/throughput, and limits the number of SSL connections (i.e. users) we have connecting to our web apps concurrently.



Does having both SSL certs make sense, or can this be simplified and just install the SSL certificate on either the load balancer, or the tomcat web server, but not both. And which one would be preferred?



Thanks in advance - Mark

-

No comments:

Post a Comment

Subscribe to: Post Comments (Atom)

linux - How to SSH to ec2 instance in VPC private subnet via NAT server

I have created a VPC in aws with a public subnet and a private subnet. The private subnet does not have direct access to external network. S...