Most of the load balancers I have seen will either terminate the SSL connection at the load balancer or simply just look at the header and forward it appropriately.
If you need SSL form the load balancer to the backend server you can use self signed certs
If you can't break the SSL until it gets to the final server because of whatever requirements then it will greatly reduce what you can do with the load balancer and it will just be a fancy router.

Also, some SSL providers allow for wild card certs as well, *.domain.com, that may also work for you, but they are expensive from what I heard.



On Sun, Aug 15, 2010 at 12:25 PM, R P Herrold <herrold@owlriver.com> wrote:
On Sun, 15 Aug 2010, Lisa Kachold wrote:

On Fri, Aug 13, 2010 at 11:50 PM, Bryan O'Neal <
Bryan.ONeal@theonealandassociates.com> wrote:

So you do name based virtual hosts with SSL and without SNI? I would
love to see your config files!
- As always you teach us lowly mortals so much ;)

Which was not the question asked by Eric 'shubes', or that I answered, of course ---

We were asked to have a load balancer or such at a public address, IN FRONT of a backend filled with a collection of potentially differing units, with RFC-1918 addressed backends and if the SSL tunnel might be established by the front end and used by the back ends.

The answer remains: no


Hey, I just bungle along too.

no argument from me on that -- seems you shoot from the hit a lot, though

-- Russ herrold

---------------------------------------------------
PLUG-discuss mailing list - PLUG-discuss@lists.plug.phoenix.az.us
To subscribe, unsubscribe, or to change your mail settings:
http://lists.PLUG.phoenix.az.us/mailman/listinfo/plug-discuss