on 12-09-2015 4:57 PM
Hi experts,
we have one webdispatcher in DMZ which is forwarding to different backends, depending on the URL you are entering to access the WebDispatcher (routing-rules).
So, we have host A = webdispatcher and host B and C which is an alias to host A.
If you are entering www.b.com you get another backedn as www.c.com.
Now we want to setup https for the webdispatcher.
My question, is, how do I have to issue the certificate-req for the webdispatcher?
For host A or for B and C.
If for B and C, where can I import multiple certificates, for me it look like I can do it only once and like there is only one certificate possible...
Hi,
One instance will have only one server PSE. So you have to request the certificate for host A only.
Regards,
Anil
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
But when you say DNS alias it should be like
Is it like same what you are going to configure ??
Regards,
Anil
Yes, but if the certificate contains www.abc.xyz.com it will not be trusted for www.def.syz.com
Just if I have a wildcard certificate...
Hi Christian, I would recommend using the SAN (Subject Alternative Name) feature.
Have a look at attributes of the certificate of https://www.verisign.com. The alternative name attribute is a long list of DNS names:
DNS-Name=verisign.asia
DNS-Name=verisign.biz
DNS-Name=verisign.ch
DNS-Name=verisign.co.in
...
Wildcard certificates are expensive and delicate. I would only use them if there really is no practical alternative.
Regards,
Lutz
I have now imported the certificate for host A, with credentials for user of host A and did restart the webdispatcher.
However, if I go to a url via www.b.com I just a get blank page/error.
How can I analyze the error?
In the log I don't see a problem...on 1st view...
wdisp/ssl_encrypt = 2
wdisp/system_0 = SID=<SID A>, MSHOST=a.com, MSPORT=81<No A>,
wdisp/system_1 = SID =<SID B>, MSHOST=b.com MSPORT=81<No B>
icm/server_port_0 = PROT=HTTP,PORT=80
icm/server_port_3 = PROT=HTTPS,PORT=443
Kind regards
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
Hello,
The Web Dispatcher acts like a "reverse proxy".
The end user will reach the Web Dispatcher only.
Thus, you would need certificates for the Web Dispatcher hostname(s) only, not for the backend systems.
The following WIKI pages might help you as well.
Regards,
Isaías
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
User | Count |
---|---|
86 | |
10 | |
9 | |
9 | |
9 | |
6 | |
6 | |
5 | |
3 | |
3 |
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.