Hi all,
I have installed a multi-cell vCloud Director 9.5 with a signed wildcard certificate (issuer: GeoTrust).
Cell 1 HTTPS : cell01.subdomain.domain.com
Cell 1 CONSOLE : cell01-console.subdomain.domain.com
Cell 2 HTTPS : cell02.subdomain.domain.com
Cell 2 CONSOLE : cell02-console.subdomain.domain.com
My signed wildcard certificate is *.subdomain.domain.com
Tomorrow I'll configure my load balancer without the subdomain, like this:
cloud.domain.com - with SSL offloading
cloud-console.domain.com - SSL passthrough
Then I will configure my public URLs on vCloud Director with the DNS names above.
Is there any mismatch in the configuration above?
Thanks
Hi,
The only issue I can think of is that you will have a mismatch for cloud-console.domain.com, since you will be doing SSL passthrough, unless you change the local certificates of each cell as well.
/Andreas
You will need to ensure that cloud-console.domain.com is also using SSL Offload. Depending on what you're using for load balancing, you'll need to ensure that it supports doing SSL Offload for WebSocket connections.
It's important that the console certificates are valid, as browsers such as Chrome will not connect to a WebSocket with a non-valid/untrusted certificate (the developer console will show this).
We run this as follows:
1. Run an internal CA which has a single certificate on all cells which covers the cell and console FQDNs. You could just as easily use a wildcard in this case. The thing to be careful of is that all cells need to use the same internal certificate, as this is used to sign material that is sent to the client. If your request to the console went to a different cell than the one that received the vCD request, things break.
2. Have a public-facing SSL certificate (in our case, Let's Encrypt, because short-lived certificates are good) handled by the load balancer.
Hope this helps.
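
Added example (not part of the original thread): a Python sketch of the certificate name check a browser applies, run against the hostnames from the question for the planned layout and for the "offload both" layout suggested in the replies. The load balancer's SAN list and all function names are assumptions; the thread does not say which certificate the load balancer holds.

```python
# Added example, not from the thread. Certificate SAN lists are constructed.

def san_matches(pattern: str, host: str) -> bool:
    """Browser-style name check: '*' is only honoured as the entire leftmost
    label and stands for exactly one label."""
    p = pattern.lower().rstrip(".").split(".")
    h = host.lower().rstrip(".").split(".")
    if len(p) != len(h) or "" in h:
        return False                      # wildcard never spans extra labels
    if p[0] == "*":
        # Conservative extra rule: refuse wildcards directly under a TLD.
        return len(p) >= 3 and p[1:] == h[1:]
    return p == h

def audit(endpoints, cell_sans, lb_sans):
    """endpoints: {hostname: 'offload' | 'passthrough'}.
    Offload: the client sees the load balancer's certificate.
    Passthrough: the client sees the cell's own certificate."""
    report = {}
    for host, mode in endpoints.items():
        presented = lb_sans if mode == "offload" else cell_sans
        report[host] = any(san_matches(s, host) for s in presented)
    return report

CELL_SANS = ["*.subdomain.domain.com"]          # wildcard from the question
LB_SANS = ["cloud.domain.com", "cloud-console.domain.com"]  # assumed LB cert

PLANNED = {"cloud.domain.com": "offload",
           "cloud-console.domain.com": "passthrough"}
OFFLOAD_BOTH = dict.fromkeys(PLANNED, "offload")

if __name__ == "__main__":
    for name, plan in (("planned", PLANNED), ("offload both", OFFLOAD_BOTH)):
        for host, ok in audit(plan, CELL_SANS, LB_SANS).items():
            print(f"{name:13} {host:28} {'ok' if ok else 'NAME MISMATCH'}")
```

The planned layout reports a mismatch only for the passthrough console name, because the cell wildcard covers names one label below subdomain.domain.com and nothing else.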