Re: Pen and SSL issues

From: Nathan Butcher <>
Date: Mon, 13 Nov 2006 11:17:57 +0900

>No problem. The main thing is to set up a certificate with multiple
>subjectAltNames (specify each instead of having a wildcard cert).

That may be the way to go. As long as SSL wants to function over pen
(and given that all poen does is to redirect packets), then it seems
that the SSL experimental modifications in the pen source tree are
largely useless.

There seems to be no reason why this won't work over VRRP too. If two
servers have Apache/Tomcat/whatever displaying the same SSL cert, the
internet traffic from these machines is all going to appear to come from
the VRRPed virtual IP address anyway. As long as the domain name
belonging to the VRRPed virtual IP address is registered in the cert,
then all should be golden.

Please correct me if I'm wrong...
Received on Mon Nov 13 2006 - 03:21:40 CET

This archive was generated by hypermail 2.2.0 : Mon Nov 13 2006 - 03:21:42 CET