Celebrate National IT Professionals Day with 3 months of free Premium Membership. Use Code ITDAY17

x
?
Solved

Basic SSL/Certificate question

Posted on 2004-08-04
2
Medium Priority
?
248 Views
Last Modified: 2010-04-11
Hi all,

Considering the following server config for a group based in Europe:
2 load balanced web servers
2 DB servers (1 live 1 backup)
2 File servers (1 live 1 backup)

Where all machines are hosted at the same ISP and will be accessed via the internet.  Some portions of the website will be free and others member only; (e.g., registration/login and web forms for users to input various data).   Data won't be financial but will be considered sensitive.

1. What is the best certificate config here?  Assuming the top level domain name is www.group.org, would I have a FQDN like secure.group.org?  In other words, users would access the site at http://www.group.org but as soon as they wanted to do any member specific stuff, (login or register, input data) should they be redirected to https://secure.group.org? 

2. Do I need certificates for all machines?

Is what I mentioned above atypical for a .org TLD?  

Thanks...


0
Comment
Question by:ara99
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
2 Comments
 
LVL 4

Accepted Solution

by:
syn_ack_fin earned 600 total points
ID: 11722771
1. From a naming standpoint, unless secure.group.org and www.group.org are different servers, there is no reason why you need to name the structure seperately. You can apply the cert to the site and secure individual directories via SSL. If you have a site sharing data with members and non-members alike, then most likely you will just have individual website directories protected with passwords and forced to SSL.

2. You would need a certificate for both web servers. Thoeretically, you can use the same cert for each server since they will have the same fully qualified name. Verisign wants you to purchase one for each of course. Here is a link to some info from them:
http://www.verisign.com/products-services/security-services/ssl/ssl-certificates/load-balancing.html

Good luck
0
 
LVL 51

Assisted Solution

by:ahoffmann
ahoffmann earned 400 total points
ID: 11729485
1. i.g it sounds more secure to have one certificate for each FQDN, but from the view of a user I'd recommend to have one cert for the whole domain group.org.
   On the other side, having the same cert for more than one server, each client should complain (warn you) if it does not match 100%. So all in all, we have a two edged sward.

2. see 1.

keep in mind that using SSL/TLS does not make your site secure. It just makes it a bit more restistant against man-in-the-middle attacks. Security must be built-in your web, application, file and database servers
0

Featured Post

How Blockchain Is Impacting Every Industry

Blockchain expert Alex Tapscott talks to Acronis VP Frank Jablonski about this revolutionary technology and how it's making inroads into other industries and facets of everyday life.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

The recent Petya-like ransomware attack served a big blow to hundreds of banks, corporations and government offices The Acronis blog takes a closer look at this damaging worm to see what’s behind it – and offers up tips on how you can safeguard your…
In this article, WatchGuard's Director of Security Strategy and Research Teri Radichel, takes a look at insider threats, the risk they can pose to your organization, and the best ways to defend against them.
With Secure Portal Encryption, the recipient is sent a link to their email address directing them to the email laundry delivery page. From there, the recipient will be required to enter a user name and password to enter the page. Once the recipient …
We’ve all felt that sense of false security before—locking down external access to a database or component and feeling like we’ve done all we need to do to secure company data. But that feeling is fleeting. Attacks these days can happen in many w…

730 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question