This website uses cookies. By clicking OK, you consent to the use of cookies. Click Here to learn more about how we use cookies.
OK
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Create Post
akazi
Level 7
‎10-10-2014 06:35 PM

SSL Certs in MS Load Balancing

Hello,

We have 2 win 2008 server nodes setup with FTP (explicit) in Serv-U FTP in a Microsoft Load balancing environment. we need to find out the appropriate procedure on how to setup 3rd Party signed SSL certificates on both nodes for the same FTP site (ftp.mydomain.com).

The KB article 1053 only describes setup of SSL in a single server environment. Some of my  questions are:

  • Do we need to generate CSR from both Server nodes with the same common name ?
  • Do we need to request certificate for each node for the same site ?
  • OR Can we generate CSR from node1, get the CA signed cert, install on node1 and then export it to other node2? if so what is the procedure? (Because this is the recommended procedure for IIS sites)

Thanks in advance for any suggestions.

Tags (5)
0 Kudos
Reply
5 Replies
oderks
Level 9
‎10-13-2014 03:04 AM

My humble thought:

As you only use 1 URL the loadbalancer will put you on either one of the servers under that name and thus you'll only need 1 certificate with your URL on both servers.

Have not tried this for Serv-U, but have several MS Load balanced webservers running on the same principle.

Reply
jonathan_at_solarwinds
Level 13
In response to oderks
‎10-13-2014 09:56 PM

Oderks is right: akazi's option #3 is the correct way.  Or, you can use a wildcard cert - I've done that too. 

-=-=-=-=-=-=-=-

Get Certified File Transfer Professional (CFTP) certified today at http://www.cftpcert.com.

0 Kudos
Reply
akazi
Level 7
In response to jonathan_at_solarwinds
‎10-14-2014 12:42 PM

Thanks Jonathan and Oderks for your input..!

As you notice that option3 involves IIS manager which makes things easier; however in my scenario, there is no IIS or web server. I am using Serv-U to generate CSR and the signed cert also will be installed within Serv-U under 'Limits & Settings" within "Encryption" tab. There is no import/export option. I came across the following KBs, So in this case, what would be the appropriate procedure to generate/install 3rd party signed certs in a 2 node SERV-U MS load balancing setup? Is it feasible to just copy the private key a from node1 with same password to node2 and utilize the same signed cert?

Thanks.

http://www.serv-u.com/kb/1053/Configuring-ServU-With-An-SSL-Certificate

https://knowledge.rapidssl.com/support/ssl-certificate-support/index?page=content&id=SO20146

0 Kudos
Reply
jonathan_at_solarwinds
Level 13
In response to akazi
‎10-14-2014 02:07 PM

>> Is it feasible to just copy the private key a from node1 with same password to node2 and utilize the same signed cert?

Yes, that's exactly what you should do.  (Get it working on one node, and then copy the SIGNED cert and key to the other node and use the same password.) 

-=-=-=-=-=-=-=-

Get Certified File Transfer Professional (CFTP) certified today at http://www.cftpcert.com.

Reply
akazi
Level 7
In response to jonathan_at_solarwinds
‎10-14-2014 06:02 PM

Thanks Jonathan..!

I will go ahead and test this procedure and update the post in case I come across any issues.

0 Kudos
Reply

SolarWinds solutions are rooted in our deep connection to our user base in the THWACK® online community. More than 150,000 members are here to solve problems, share technology and best practices, and directly contribute to our product development process.

SolarWinds Customer Success Center Certification SolarWinds Lab
About THWACK Blogs Federal & Government Edit Settings Free Tools & Trials
Legal Documents Terms of Use Privacy California Privacy Rights Security Information
© 2021 SolarWinds Worldwide, LLC. All Rights Reserved.