Jump to content


Photo

Certificate creation for SSL

ssl certificate load balancer

Best Answer Kaushik Thirumurthy, 18 December 2015 - 04:58 AM

This would work fine provided FQDN of webserver and service on the load balancer are same. Otherwise, you would encounter an SSL certificate warning while accessing the website.

 

If the FQDN is different on server and service and if you would like to use the same certiifcate then

 

1) you can get a SAN certificate signed with these hostnames. As you might be aware, SAN certificates can have multiple hostnames

 

Or

2) a wildcard certificate, if the domain name is same on both web server and service on the ADC.

 

Thanks,

Kaushik.

Go to the full post


  • Please log in to reply
5 replies to this topic

#1 Sajeev Chandrapragasam

Sajeev Chandrapragasam
  • Members
  • 49 posts

Posted 17 December 2015 - 08:32 PM

Hi All,

 

If i'm creating a certificate for my web server, while giving common name for certificate the FQDN is should be Barracuda box FQDN or the web server FQDN? 

 

 



#2 Kaushik Thirumurthy

Kaushik Thirumurthy
  • Barracuda Team Members
  • 41 posts

Posted 18 December 2015 - 04:22 AM

Hello Sajeev,

 

If you are planning to import this certificate on the Load balancer and use if for a HTTPS service, then it should be having the CN corresponding to the Service FQDN.

 

If this certificate would be just used on your real server, then it can be with real server's FQDN.

 

Please let us know if you have any questions

 

Regards,

Kaushik



#3 Sajeev Chandrapragasam

Sajeev Chandrapragasam
  • Members
  • 49 posts

Posted 18 December 2015 - 04:27 AM

Hello Sajeev,

 

If you are planning to import this certificate on the Load balancer and use if for a HTTPS service, then it should be having the CN corresponding to the Service FQDN.

 

If this certificate would be just used on your real server, then it can be with real server's FQDN.

 

Please let us know if you have any questions

 

Regards,

Kaushik

 

So for the first instance. Do we have to give Load balancer box's FQDN?



#4 Kaushik Thirumurthy

Kaushik Thirumurthy
  • Barracuda Team Members
  • 41 posts

Posted 18 December 2015 - 04:47 AM

If this certificate is to be used for a service on the Load balancer, then it should be created with CN as FQDN of the service on the load balancer.

 

Regards,

Kaushik



#5 Sajeev Chandrapragasam

Sajeev Chandrapragasam
  • Members
  • 49 posts

Posted 18 December 2015 - 04:52 AM

If this certificate is to be used for a service on the Load balancer, then it should be created with CN as FQDN of the service on the load balancer.

 

Regards,

Kaushik

 

 

If we have the certificate for Web Sever, Can we use that in Load Balancer Service ?



#6 Kaushik Thirumurthy

Kaushik Thirumurthy
  • Barracuda Team Members
  • 41 posts

Posted 18 December 2015 - 04:58 AM   Best Answer

This would work fine provided FQDN of webserver and service on the load balancer are same. Otherwise, you would encounter an SSL certificate warning while accessing the website.

 

If the FQDN is different on server and service and if you would like to use the same certiifcate then

 

1) you can get a SAN certificate signed with these hostnames. As you might be aware, SAN certificates can have multiple hostnames

 

Or

2) a wildcard certificate, if the domain name is same on both web server and service on the ADC.

 

Thanks,

Kaushik.