Solved

Basic SSL/Certificate question

Posted on 2004-08-04
2
241 Views
Last Modified: 2010-04-11
Hi all,

Considering the following server config for a group based in Europe:
2 load balanced web servers
2 DB servers (1 live 1 backup)
2 File servers (1 live 1 backup)

Where all machines are hosted at the same ISP and will be accessed via the internet.  Some portions of the website will be free and others member only; (e.g., registration/login and web forms for users to input various data).   Data won't be financial but will be considered sensitive.

1. What is the best certificate config here?  Assuming the top level domain name is www.group.org, would I have a FQDN like secure.group.org?  In other words, users would access the site at http://www.group.org but as soon as they wanted to do any member specific stuff, (login or register, input data) should they be redirected to https://secure.group.org? 

2. Do I need certificates for all machines?

Is what I mentioned above atypical for a .org TLD?  

Thanks...


0
Comment
Question by:ara99
2 Comments
 
LVL 4

Accepted Solution

by:
syn_ack_fin earned 150 total points
ID: 11722771
1. From a naming standpoint, unless secure.group.org and www.group.org are different servers, there is no reason why you need to name the structure seperately. You can apply the cert to the site and secure individual directories via SSL. If you have a site sharing data with members and non-members alike, then most likely you will just have individual website directories protected with passwords and forced to SSL.

2. You would need a certificate for both web servers. Thoeretically, you can use the same cert for each server since they will have the same fully qualified name. Verisign wants you to purchase one for each of course. Here is a link to some info from them:
http://www.verisign.com/products-services/security-services/ssl/ssl-certificates/load-balancing.html

Good luck
0
 
LVL 51

Assisted Solution

by:ahoffmann
ahoffmann earned 100 total points
ID: 11729485
1. i.g it sounds more secure to have one certificate for each FQDN, but from the view of a user I'd recommend to have one cert for the whole domain group.org.
   On the other side, having the same cert for more than one server, each client should complain (warn you) if it does not match 100%. So all in all, we have a two edged sward.

2. see 1.

keep in mind that using SSL/TLS does not make your site secure. It just makes it a bit more restistant against man-in-the-middle attacks. Security must be built-in your web, application, file and database servers
0

Featured Post

The Eight Noble Truths of Backup and Recovery

How can IT departments tackle the challenges of a Big Data world? This white paper provides a roadmap to success and helps companies ensure that all their data is safe and secure, no matter if it resides on-premise with physical or virtual machines or in the cloud.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Examines three attack vectors, specifically, the different types of malware used in malicious attacks, web application attacks, and finally, network based attacks.  Concludes by examining the means of securing and protecting critical systems and inf…
Knowing where your website is hosted is as important as the features you receive, the monthly fee, and the support you receive. Due diligence should be done when choosing your next hosting provider.
With Secure Portal Encryption, the recipient is sent a link to their email address directing them to the email laundry delivery page. From there, the recipient will be required to enter a user name and password to enter the page. Once the recipient …
Email security requires an ever evolving service that stays up to date with counter-evolving threats. The Email Laundry perform Research and Development to ensure their email security service evolves faster than cyber criminals. We apply our Threat…

776 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question