Solved

Basic SSL/Certificate question

Posted on 2004-08-04
Last Modified: 2010-04-11
Hi all,

Considering the following server config for a group based in Europe:
2 load balanced web servers
2 DB servers (1 live 1 backup)
2 File servers (1 live 1 backup)

Where all machines are hosted at the same ISP and will be accessed via the internet.  Some portions of the website will be free and others member only; (e.g., registration/login and web forms for users to input various data).   Data won't be financial but will be considered sensitive.

1. What is the best certificate config here?  Assuming the top level domain name is www.group.org, would I have a FQDN like secure.group.org?  In other words, users would access the site at http://www.group.org but as soon as they wanted to do any member specific stuff, (login or register, input data) should they be redirected to https://secure.group.org? 

2. Do I need certificates for all machines?

Is what I mentioned above atypical for a .org TLD?  

Thanks...


Question by:ara99
2 Comments
 
LVL 4

Accepted Solution

by:
syn_ack_fin earned 150 total points
ID: 11722771
1. From a naming standpoint, unless secure.group.org and www.group.org are different servers, there is no reason why you need to name the structure separately. You can apply the cert to the site and secure individual directories via SSL. If you have a site sharing data with members and non-members alike, then most likely you will just have individual website directories protected with passwords and forced to SSL.

2. You would need a certificate for both web servers. Theoretically, you can use the same cert for each server since they will have the same fully qualified name. Verisign wants you to purchase one for each of course. Here is a link to some info from them:
http://www.verisign.com/products-services/security-services/ssl/ssl-certificates/load-balancing.html

Good luck
0
 
LVL 51

Assisted Solution

by:ahoffmann
ahoffmann earned 100 total points
ID: 11729485
1. i.g it sounds more secure to have one certificate for each FQDN, but from the view of a user I'd recommend to have one cert for the whole domain group.org.
   On the other side, having the same cert for more than one server, each client should complain (warn you) if it does not match 100%. So all in all, we have a two-edged sword.

2. see 1.

Keep in mind that using SSL/TLS does not make your site secure. It just makes it a bit more resistant against man-in-the-middle attacks. Security must be built into your web, application, file and database servers.
0
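Both answers turn on whether the name in the certificate matches the host name the client asked for. The following is an added example, not part of either answer: a simplified version of the matching rule clients apply, run against the host names from the question. It goes beyond the thread by also covering a wildcard name; the certificate name lists, the extra host names and the function names are assumptions made for illustration.

```python
# Added example: simplified certificate-name matching (illustrative only,
# not a full RFC 6125 implementation).

def name_matches(pattern: str, host: str) -> bool:
    """Return True if a certificate name (pattern) covers host."""
    p_labels = pattern.lower().rstrip(".").split(".")
    h_labels = host.lower().rstrip(".").split(".")
    if len(p_labels) != len(h_labels):
        return False  # a wildcard stands for exactly one label
    if p_labels[0] == "*":
        # Wildcard must be the whole leftmost label, with at least two
        # fixed labels to its right (so "*.org" is never accepted).
        if len(p_labels) < 3:
            return False
        return bool(h_labels[0]) and p_labels[1:] == h_labels[1:]
    if "*" in pattern:
        return False  # partial or non-leftmost wildcards are rejected here
    return p_labels == h_labels


def coverage(cert_names, hosts):
    """Map each host to whether a client would accept this cert for it."""
    return {h: any(name_matches(n, h) for n in cert_names) for h in hosts}


# Constructed sample: two host names from the question plus two extra cases.
HOSTS = ["www.group.org", "secure.group.org", "group.org", "a.secure.group.org"]
# Hypothetical certificates, described by the names they carry.
CERTS = {
    "single name": ["www.group.org"],
    "two names": ["www.group.org", "secure.group.org"],
    "wildcard": ["*.group.org"],
}


def report():
    """Coverage of every sample certificate over every sample host."""
    return {label: coverage(names, HOSTS) for label, names in CERTS.items()}


if __name__ == "__main__":
    for label, result in report().items():
        print(label)
        for host, ok in result.items():
            print(f"  {host:20} {'ok' if ok else 'name mismatch warning'}")
```

Two load-balanced web servers answering for the same FQDN present the same name, so one name check covers both; a second host name such as secure.group.org needs its own entry or a wildcard.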

Question has a verified solution.
