Hi,
We are currently building a high-availability (HA) configuration environment using the Remote-deployment method in the customer project. Could you please provide the following information regarding certificates:
1. Which components require certificate application, the load balancer, and/or servers?
- Is application to the load balancer unnecessary?
2. Regarding the number of certificates needed:
- Do we need one certificate per load balancer and per server (3 servers total)? (So, four in total?)
Or would it be using a common certificate for both the load balancer and servers?
(Since the systemURL in ifscloud-values.yaml points to the LB's FQDN, would one suffice?)
3. If there are any configuration diagrams for using a load balancer available in the IFS documentation, we would appreciate it if you could share them.
Thank you and best regards!
Page 1 / 1
Hello
I did a bit of research with the help of AI, so please review with caution
Based on the available resources, here's the information regarding certificates for a high-availability (HA) configuration environment:
-
Components Requiring Certificates:
- Certificates are typically required for both the load balancer and the servers to ensure secure communication. The load balancer often handles SSL offloading, which means it decrypts incoming requests and encrypts responses. This process requires a certificate. Servers also need certificates if they are accessed directly or if SSL termination happens at the server level .
-
Number of Certificates Needed:
- The number of certificates required can vary based on the configuration. If all servers and the load balancer are accessed through the same domain name (as indicated by the systemURL in
ifscloud-values.yaml
pointing to the LB's FQDN), a single certificate with the appropriate Subject Alternative Names (SANs) could suffice. This certificate would then be installed on the load balancer and all servers. However, if different domain names are used or if there's a requirement for individual certificates, you would need one for each server and the load balancer
- The number of certificates required can vary based on the configuration. If all servers and the load balancer are accessed through the same domain name (as indicated by the systemURL in
Hello
Thank you in advance
Hi Sidekick
Thank you very much for your kind response.
Best regards,
Feng
Reply
Enter your E-mail address. We'll send you an e-mail with instructions to reset your password.