cancel
Showing results for 
Search instead for 
Did you mean: 
Create Post
Level 7

SSL Certs in MS Load Balancing

Hello,

We have 2 win 2008 server nodes setup with FTP (explicit) in Serv-U FTP in a Microsoft Load balancing environment. we need to find out the appropriate procedure on how to setup 3rd Party signed SSL certificates on both nodes for the same FTP site (ftp.mydomain.com).

The KB article 1053 only describes setup of SSL in a single server environment. Some of my  questions are:

  • Do we need to generate CSR from both Server nodes with the same common name ?
  • Do we need to request certificate for each node for the same site ?
  • OR Can we generate CSR from node1, get the CA signed cert, install on node1 and then export it to other node2? if so what is the procedure? (Because this is the recommended procedure for IIS sites)

Thanks in advance for any suggestions.

Tags (5)
0 Kudos
5 Replies
Level 9

My humble thought:

As you only use 1 URL the loadbalancer will put you on either one of the servers under that name and thus you'll only need 1 certificate with your URL on both servers.

Have not tried this for Serv-U, but have several MS Load balanced webservers running on the same principle.

Oderks is right: akazi's option #3 is the correct way.  Or, you can use a wildcard cert - I've done that too. 

-=-=-=-=-=-=-=-

Get Certified File Transfer Professional (CFTP) certified today at http://www.cftpcert.com.

0 Kudos
Level 7

Thanks Jonathan and Oderks for your input..!

As you notice that option3 involves IIS manager which makes things easier; however in my scenario, there is no IIS or web server. I am using Serv-U to generate CSR and the signed cert also will be installed within Serv-U under 'Limits & Settings" within "Encryption" tab. There is no import/export option. I came across the following KBs, So in this case, what would be the appropriate procedure to generate/install 3rd party signed certs in a 2 node SERV-U MS load balancing setup? Is it feasible to just copy the private key a from node1 with same password to node2 and utilize the same signed cert?

Thanks.

http://www.serv-u.com/kb/1053/Configuring-ServU-With-An-SSL-Certificate

https://knowledge.rapidssl.com/support/ssl-certificate-support/index?page=content&id=SO20146

0 Kudos

>> Is it feasible to just copy the private key a from node1 with same password to node2 and utilize the same signed cert?

Yes, that's exactly what you should do.  (Get it working on one node, and then copy the SIGNED cert and key to the other node and use the same password.) 

-=-=-=-=-=-=-=-

Get Certified File Transfer Professional (CFTP) certified today at http://www.cftpcert.com.

Level 7

Thanks Jonathan..!

I will go ahead and test this procedure and update the post in case I come across any issues.

0 Kudos