Equalizer Installation and Administration Guide 171
D HTTPS Cluster Certificates
The sections below tell you how to get your Layer 7 HTTPS clusters running with certificates.
Please read these sections completely before beginning to work with certificates on Equalizer.
While this document tells you all you need to know to use certificates with HTTPS clusters, it is not
a primer on HTTPS, SSL, or certificates. There are many resources on the Internet, in trade
publications, and in books on these topics; in addition, most SSL certificate vendors offer basic SSL
overviews on their websites.

Using Certificates in HTTPS Clusters
The HTTPS protocol supports encrypted, secure communication between clients and servers. It
requires that a Secure Sockets Layer (SSL) authentication handshake occur between a client and a
server in order for a connection request to succeed.

When a client requests an HTTPS connection to a web server, the server (which has already been
set up to support SSL connections) sends a server certificate to the client for verification. The client
checks the content of the certificate against a local database of Certificate Authorities, and if it finds
a match, the connection is made. If no match is found (as is often the case with self-signed
certificates), the browser will display a warning and ask if you want to continue with the
connection.

A further level of trust can be enabled by setting the server up to request a client certificate in
addition to the server certificate. Copies of the client certificate are pre-installed on both client and
server. When the server sends the server certificate to the client, it also sends a request for a
certificate from the client. Once the client accepts the server certificate as described above, it sends
the client certificate to the server for verification. The server compares the client certificate it
receives with its local copy of the client certificate, and if they match, the connection is made.

A server certificate is required for an HTTPS connection; a client certificate is optional.

HTTPS and Equalizer Clusters
In the typical HTTPS scenario described above, the client and server are communicating directly,
and the server is doing all the work of encrypting and decrypting packets, comparing certificates,
and authenticating clients. If you have many systems servicing requests for the same website, you’ll
need to install certificates on each server.

With Equalizer, you do not need to install a certificate on every server in a Layer 7 HTTPS cluster.
Since certificates are associated with host names and not IP addresses, you only need a server
certificate for each HTTPS cluster and the certificates are installed only on Equalizer -- not on each
server. This reduces maintenance by reducing the number of certificates required for a group of
systems serving content for the same host name.

When a client requests a connection to an HTTPS cluster, Equalizer establishes the HTTPS
connection with the client, offloading SSL processing from all the servers in the HTTPS cluster.
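
The two checks described above (whether the client's CA database recognizes the server certificate, and the fact that a certificate is tied to a host name rather than an IP address) can be reproduced with the openssl command-line tool. This is an added example, not part of the Equalizer guide; the host names, the address and the file names are constructed, and it assumes OpenSSL 1.1.1 or later is installed.

```shell
#!/bin/sh
# Added example: all names are constructed; keys are throwaway and live in a temp dir.
WORK=$(mktemp -d)
trap 'rm -rf "$WORK"' EXIT
HOST=cluster.example.test    # hypothetical HTTPS cluster host name
SERVER_IP=192.0.2.10         # hypothetical server address (documentation range)

# Create self-signed certificate $WORK/$1.pem (key $1.key) issued for host name $2.
new_self_signed() {
  openssl req -x509 -newkey rsa:2048 -nodes -days 1 \
    -subj "/CN=$2" -addext "subjectAltName=DNS:$2" \
    -keyout "$WORK/$1.key" -out "$WORK/$1.pem" >/dev/null 2>&1
}

# Succeeds when certificate $1 is recognized by CA database $2 (a PEM file).
trusted() {
  openssl verify -CAfile "$WORK/$2.pem" "$WORK/$1.pem" >/dev/null 2>&1
}

# Trust check plus identity check: was certificate $1 issued for host name $3?
valid_for_host() {
  openssl verify -CAfile "$WORK/$2.pem" -verify_hostname "$3" \
    "$WORK/$1.pem" >/dev/null 2>&1
}

# Trust check plus identity check: was certificate $1 issued for IP address $3?
valid_for_ip() {
  openssl verify -CAfile "$WORK/$2.pem" -verify_ip "$3" \
    "$WORK/$1.pem" >/dev/null 2>&1
}

# Outcome for a client holding CA database $2 that connected to host name $3.
client_decision() {
  trusted "$1" "$2" || { echo "warn: certificate not in CA database"; return 0; }
  valid_for_host "$1" "$2" "$3" || { echo "warn: host name mismatch"; return 0; }
  echo "accept"
}

new_self_signed cluster "$HOST"          # the cluster's self-signed certificate
new_self_signed otherca ca.example.test  # a CA database that does not contain it

echo "stock CA database:      $(client_decision cluster otherca "$HOST")"
echo "certificate imported:   $(client_decision cluster cluster "$HOST")"
echo "other host name:        $(client_decision cluster cluster www.example.test)"
valid_for_ip cluster cluster "$SERVER_IP" \
  && echo "server IP:              accept" \
  || echo "server IP:              warn: certificate names a host, not an address"
```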