I've just setup a HAproxy as a load balancer in front of two view security servers which have SSL certificates installed.
I can succesfully connect to vmview-security1.example.org and vmview-security2.example.org but if I connect to vmview-lb.example.org the view client (5.0 comes back saying the certificate presented does match the hostname name, which is correct as HAproxy is forwarding requests onto one of the security servers and it's their SSL certificate that's being presented.
Is anyone doing something similar? I'm wondering if need to be be running stunnel on the load balancer to take care of this?
If you install certificates on each Security Server for vmview-lb.example.org instead of vmview-security1.example.org and vmview-security2.example.org this should ensure that you will get a name match when the certificates are checked.
Mark.
Thanks, I tried that and whilst the certificate is present (ie I can browse to http://vmview-lb.example.org with a web browser and the certificate is correctly displaying the generic name, when connecting with view it must return the name of the actual security server somewhere in the reply as I'm now getting the same error, certificate doesn't match, but with the generic SSL certificate not the security server.
Is there a way to have multiple certificates installed in the keystore or setup some kind of alias?
Are you entering http://vmview-lb.example.org at your View Client? Does this hostname match that of the SSL server certificate? If so this should work.
Mark.
Yes, I'm entering the load balancer name the view client, vmview-lb.example.org.
I can browse to https://vmview-lb.example.org fine but when connecting using the the view client something must be returning the FQDN of the security server in the reply and the SSL certificate (vmview-lb.example.org) then no longer matches the hostname (vmview-sec1.example.org).
Hi,
i have exactly the same setup and the same problem
do you have a solution ?
my pcoip client complains about certificate that dont mach hostname
Thanks in advance