Solved

Help on configuring multiple Virtual Hosts on the same servers using SSL certificates

Posted on 2010-11-08
3
435 Views
Last Modified: 2013-12-10
I'm running into an issue trying to configure multiple applications on the same physical boxes to be accessed through an SSL connection (https) and could use some fairly detailed help on how to

The issue I am running into is this:

ApplicationA is a web application accessed through a Load Balanced address of https://mw-applicationa-lb.  The load balancer sends traffic to an IHS webserver running on either server1 or server2 (the app is horizontally clustered)  IHS, using the WAS plugin, redirects to the appropriate cluster in WebSphere Application Server (IHS, plugin and AppServer are all on the same server.. server1 and server2)

This basic configuration we have working...

The issue is when we add a 2nd application, ApplicationB in another cluster, responding to a different load balanced address, https://mw-applicationb-lb.

When a user tries to access the second application, they get a pop-up/warning that the certificate is invalid, because they are going to https://mw-applicationb-lb, but the certificate was issued to mw-applicationa-lb  We had thought we could add another certificate to the server for each virtual host, but it doesn't seem to be working.

I'm sure this is a fairly common configuration, but we haven't been able to get rid of this warning.  Anyone have thoughts on what we may be doing wrong?  I'm terribly inexperienced with SSL configurations, so please explain in some detail if you could.

If I need to provide more information, let me know

TIA,
 Brian
0
Comment
Question by:Bbouch
  • 2
3 Comments
 
LVL 8

Accepted Solution

by:
AdminRAM earned 500 total points
ID: 34133621
Hi Brian,


ApplicationA is a web application accessed through a Load Balanced address of https://mw-applicationa-lb.

---> I believe you enabled SSL on Webserver. If so the certificate which shows in browser it will be displayed by webserver.


The issue is when we add a 2nd application, ApplicationB in another cluster, responding to a different load balanced address, https://mw-applicationb-lb.

---> If you using same IHS then you will get a pop-up/warning that the certificate is invalid, because url mw-applicationb-lb you given is not matching the certificate CN (mw-applicationa-lb) displayed by webserver..

Therefore nothing you can do websphere side because certificate is presenting by IHS..

you need to add If you are enabling multiple Web sites for SSL, you can enable SSL as follows. All hostnames must be registered in DNS to a separate IP address. Also, all the IP addresses must be configured on a local network interface card.

more details see the following link

IBM - Guide to properly setting up SSL within the IBM HTTP Server
http://www-01.ibm.com/support/docview.wss?uid=swg21179559

AdminRam
0
 
LVL 1

Author Closing Comment

by:Bbouch
ID: 34160932
Thanks AdminRam. I thought I had read this somewhere, but I wanted to verify I wasn't crazy.  Since we're talking about a few hundred potential addresses, I think we'll reconsider our strategy and go with more generic addresses.
0
 
LVL 8

Expert Comment

by:AdminRAM
ID: 34161502
Thank you very much for grade and points

Have a good day
AdminRam
0

Featured Post

ScreenConnect 6.0 Free Trial

Explore all the enhancements in one game-changing release, ScreenConnect 6.0, based on partner feedback. New features include a redesigned UI, app configurations and chat acknowledgement to improve customer engagement!

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Title # Comments Views Activity
Define alias for servlet 5 53
web service Rest Client creation 4 87
oneTwo java challenge 31 589
Hosting application in Apache and Tomcat 1 104
Most of the developers using Tomcat find it easy to configure the datasource in Server.xml and use the JNDI name in the code to get the connection.  So the default connection pool using DBCP (or any other framework) is made available and the life go…
Upgrading Tomcat – There are a couple of methods to upgrade Tomcat is to use The Apache Installer is to download and unzip and run the services.bat remove|install Tomcat6 Because of the App that we are working with, we can only use Tomcat 6.…
In a recent question (https://www.experts-exchange.com/questions/28997919/Pagination-in-Adobe-Acrobat.html) here at Experts Exchange, a member asked how to add page numbers to a PDF file using Adobe Acrobat XI Pro. This short video Micro Tutorial sh…
Microsoft Active Directory, the widely used IT infrastructure, is known for its high risk of credential theft. The best way to test your Active Directory’s vulnerabilities to pass-the-ticket, pass-the-hash, privilege escalation, and malware attacks …

777 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question