Question Regarding Certificate Application in HA Configuration

  • 5 April 2024


Hi,

We are currently building a high-availability (HA) configuration environment using the Remote-deployment method in the customer project. Could you please provide the following information regarding certificates:

1. Which components require certificate application: the load balancer and/or the servers?
- Is application to the load balancer unnecessary?

2. Regarding the number of certificates needed:
- Do we need one certificate per load balancer and per server (3 servers total)? (So, four in total?)
Or would it be using a common certificate for both the load balancer and servers?
(Since the systemURL in ifscloud-values.yaml points to the LB's FQDN, would one suffice?)

3. If there are any configuration diagrams for using a load balancer available in the IFS documentation, we would appreciate it if you could share them.


Thank you and best regards!


2 replies


 Hello @feng

I did a bit of research with the help of AI, so please review with caution.

 

Based on the available resources, here's the information regarding certificates for a high-availability (HA) configuration environment:

  1. Components Requiring Certificates:

    • Certificates are typically required for both the load balancer and the servers to ensure secure communication. The load balancer often handles SSL offloading, which means it decrypts incoming requests and encrypts responses. This process requires a certificate. Servers also need certificates if they are accessed directly or if SSL termination happens at the server level.

  2. Number of Certificates Needed:

    • The number of certificates required can vary based on the configuration. If all servers and the load balancer are accessed through the same domain name (as indicated by the systemURL in ifscloud-values.yaml pointing to the LB's FQDN), a single certificate with the appropriate Subject Alternative Names (SANs) could suffice. This certificate would then be installed on the load balancer and all servers. However, if different domain names are used or if there's a requirement for individual certificates, you would need one for each server and the load balancer.

Hello @Nadine, I’ve also noticed this article created by you regarding HA installation. Would you be able to advise on the above or direct Feng to a contact that could help with his queries?

Thank you in advance
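
The single-certificate option described in the reply above only works if the certificate's SAN list covers every name a TLS client actually verifies. As an added example (not from this thread or from IFS documentation), the script below builds a throwaway certificate and checks each name with the openssl CLI; all hostnames are constructed placeholders.

```bash
#!/usr/bin/env bash
# Added example. All hostnames are constructed placeholders.
LB_FQDN="ifs.example.com"   # stands in for the host part of systemURL
NODES="node1.example.internal node2.example.internal node3.example.internal"

# make_san_cert DIR NAME...
# Writes DIR/cert.pem and DIR/key.pem: a self-signed, one-day certificate
# whose subjectAltName lists every NAME. For testing SAN coverage only.
make_san_cert() {
  dir=$1; shift
  san=""
  for name in "$@"; do san="${san:+$san,}DNS:$name"; done
  cat > "$dir/san.cnf" <<EOF
[req]
distinguished_name = dn
x509_extensions = ext
prompt = no
[dn]
CN = $1
[ext]
subjectAltName = $san
EOF
  openssl req -x509 -newkey rsa:2048 -nodes -days 1 \
    -config "$dir/san.cnf" -keyout "$dir/key.pem" -out "$dir/cert.pem" \
    2>/dev/null
}

# cert_covers CERT HOST: exit status 0 if HOST matches the certificate.
cert_covers() {
  openssl x509 -in "$1" -noout -checkhost "$2" |
    grep -q "does match certificate"
}

# report CERT HOST...: one line per name that a TLS client would verify.
report() {
  cert=$1; shift
  for host in "$@"; do
    if cert_covers "$cert" "$host"; then echo "covered      $host"
    else echo "NOT covered  $host"
    fi
  done
}

demo() {
  tmp=$(mktemp -d)
  make_san_cert "$tmp" "$LB_FQDN" $NODES
  report "$tmp/cert.pem" "$LB_FQDN" $NODES node4.example.internal
  rm -rf "$tmp"
}
demo
```

To check an issued certificate instead of the throwaway one, call `report` with its path and the names in use.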

 


Hi Sidekick @IFS Community

 

Thank you very much for your kind response.

 

Best regards,

Feng
