Solved

Basic SSL/Certificate question

Posted on 2004-08-04
Last Modified: 2010-04-11
Hi all,

Considering the following server config for a group based in Europe:
2 load balanced web servers
2 DB servers (1 live 1 backup)
2 File servers (1 live 1 backup)

Where all machines are hosted at the same ISP and will be accessed via the internet.  Some portions of the website will be free and others member only; (e.g., registration/login and web forms for users to input various data).   Data won't be financial but will be considered sensitive.

1. What is the best certificate config here?  Assuming the top level domain name is www.group.org, would I have a FQDN like secure.group.org?  In other words, users would access the site at http://www.group.org but as soon as they wanted to do any member specific stuff, (login or register, input data) should they be redirected to https://secure.group.org? 

2. Do I need certificates for all machines?

Is what I mentioned above atypical for a .org TLD?  

Thanks...


0
Question by:ara99
2 Comments
 
LVL 4

Accepted Solution

by:
syn_ack_fin earned 150 total points
ID: 11722771
1. From a naming standpoint, unless secure.group.org and www.group.org are different servers, there is no reason why you need to name the structure separately. You can apply the cert to the site and secure individual directories via SSL. If you have a site sharing data with members and non-members alike, then most likely you will just have individual website directories protected with passwords and forced to SSL.

2. You would need a certificate for both web servers. Theoretically, you can use the same cert for each server since they will have the same fully qualified name. Verisign wants you to purchase one for each of course. Here is a link to some info from them:
http://www.verisign.com/products-services/security-services/ssl/ssl-certificates/load-balancing.html

Good luck
0
 
LVL 51

Assisted Solution

by:ahoffmann
ahoffmann earned 100 total points
ID: 11729485
1. i.g it sounds more secure to have one certificate for each FQDN, but from the view of a user I'd recommend to have one cert for the whole domain group.org.
   On the other side, having the same cert for more than one server, each client should complain (warn you) if it does not match 100%. So all in all, we have a two-edged sword.

2. see 1.

Keep in mind that using SSL/TLS does not make your site secure. It just makes it a bit more resistant against man-in-the-middle attacks. Security must be built into your web, application, file and database servers.
0
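
The name-matching behaviour both answers rely on (one certificate serves both load-balanced servers because they share one FQDN, while a second name such as secure.group.org triggers a client warning unless the certificate also covers it), shown as an added example that is not part of either answer. The function names and the certificate name lists are constructed for illustration, and the check assumes DNS names with exact or whole-leftmost-label wildcard matching only.

```python
# Added example: which site hostnames a certificate's DNS names cover.
# All certificate name lists below are constructed, not from a real certificate.

def name_matches(pattern: str, hostname: str) -> bool:
    """Return True if one certificate DNS name covers the hostname."""
    p_labels = pattern.lower().rstrip(".").split(".")
    h_labels = hostname.lower().rstrip(".").split(".")
    if len(p_labels) != len(h_labels):
        return False  # a wildcard stands for exactly one label
    if p_labels[0] == "*":
        # Wildcard must be the whole leftmost label, with at least
        # two labels after it (so "*.org" is never accepted).
        if len(p_labels) < 3 or not h_labels[0]:
            return False
        return p_labels[1:] == h_labels[1:]
    if "*" in pattern:
        return False  # partial or non-leftmost wildcards are rejected
    return p_labels == h_labels


def uncovered(cert_names, site_hostnames):
    """Hostnames for which a client would report a name mismatch."""
    return [h for h in site_hostnames
            if not any(name_matches(n, h) for n in cert_names)]


# Hostnames from the question.
SITE = ["www.group.org", "secure.group.org"]

# Three constructed certificate layouts.
SINGLE_NAME = ["www.group.org"]                     # one cert, one FQDN
WILDCARD = ["*.group.org"]                          # one cert for the domain
MULTI_NAME = ["www.group.org", "secure.group.org"]  # both names listed

if __name__ == "__main__":
    for label, names in [("single", SINGLE_NAME),
                         ("wildcard", WILDCARD),
                         ("multi-name", MULTI_NAME)]:
        print(f"{label:10} mismatches: {uncovered(names, SITE)}")
    # The bare domain is not covered by the wildcard certificate.
    print("wildcard vs group.org:", uncovered(WILDCARD, ["group.org"]))
```
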
