SSL Certificates, two-way authentication and loadbalancers

Posted by 5arx on Server Fault See other posts from Server Fault or by 5arx
Published on 2012-06-25T08:29:59Z Indexed on 2012/06/25 9:17 UTC
Read the original article Hit count: 245

Filed under:

iis7

|

load-balancing

|

authentication

|

ssl-certificate

|

production-environment

We're looking to implement two-way authentication with client certificates for a privileged subset of our application users. The idea will be that if a certificate is detected the user will be asked for an additional password/PIN and that will be used to verify the certificate and user. Ordinary users will continue to authenticate themselves via the standard login mechanism.

Our production environment (hosted by a well-known company) comprises load-balanced application servers and I'm unclear as to how this set-up will handle the certificates and I'm not certain if there are any pitfalls I should be aware of. I would very appreciate some thoughts, comments or real-world advice on the subject.

© Server Fault or respective owner

Related posts about iis7

Configuring IIS7 404 page when using IIS7 urlrewrite module

as seen on Pro Webmasters - Search for 'Pro Webmasters'
I've got custom errors to work for .aspx page like: www.domain.com/whateverdfdgdfg.aspx But, when no .aspx url is requested, (like http://www.domain.com/hfdkfdh4545) it results in an error: HTTP Error 404.0 - Not Found The resource you are looking for has been removed, had its name changed… >>> More
How to create a Subdomain in IIS7?

as seen on Server Fault - Search for 'Server Fault'
In IIS7 I have a site: http://www.mydomain.com/mysite How can I get the same site to appear as: http://mysite.mydomain.com ? I already have the DNS set up and can ping it, I just do not know how to configure it in IIS7. >>> More
How can I control which IP address IIS7 uses?

as seen on Server Fault - Search for 'Server Fault'
In Win2k3 I used httpcfg to tell IIS to listen to specific IP addresses on the server. I want to run Apache with VisualSVN Server on port 80 on another IP address but IIS7 binds to all ports by default. What utility for IIS7 controls the IIS7 bindings? Update: I found the answer. There is a utility… >>> More
WCF service hosted in IIS7 with administrator rights?

as seen on Server Fault - Search for 'Server Fault'
Hello, How do I grant administrator rights to a running WCF service hosted in IIS7? The problem is, my code works fine in a test console application runned as an administrator, but the same code used from WCF service in IIS7 fails. When I run the same console test application without admin rights… >>> More
authentication problem on windows vista (cookie is getting written but httpcontext.current.user is n

as seen on Stack Overflow - Search for 'Stack Overflow'
authentication problem on windows vista (iis7) (cookie is getting written but httpcontext.current.user is null) >>> More

Related posts about load-balancing

Failover or load balancing configuration on Apple Xserve and Mac OS X Server Snow Leopard (10.6)

as seen on Server Fault - Search for 'Server Fault'
I'm currently installing a number of Apple Xserve boxes running Mac OS X Server (10.6). After poking and prodding for a while I can't find any obvious way, or documentation telling me how, to set up the 2 ethernet ports in a failover or load-balancing configuration. There seems to be an obvious… >>> More
Conceptually how does load-balancing on the EJB tier work in Glassfish/any ejb container

as seen on Stack Overflow - Search for 'Stack Overflow'
I am wondering conceptually how load-balancing works on the EJB-level (not web session replication) with Java EE containers like Glassfish. From what I have gleaned your remote interface is a proxy that delegates your call to one of many servers you may have in an environment. If things fail are… >>> More
Do i need a dedicated server for load balancing?

as seen on Server Fault - Search for 'Server Fault'
I'm completely new to the concept of load balancing so i hope this question isn't a "stupid question" because i've been searching around and im having a hard time understanding this. So to my understanding, in order to load balance, i need a separate machine with an ip address i can direct all traffic… >>> More
Load balancing and sessions

as seen on Stack Overflow - Search for 'Stack Overflow'
Hi there, What is the better approach for load balancing on web servers? My services run in .NET and Mono, so they could be hosted on IIS or Apache2, and the will have to provide SSL connection. I've read two main approaches, store the state in a common server and use sticky sessions, there is any… >>> More
Loadbalancing outbound traffic while using openbgpd on freebsd

as seen on Server Fault - Search for 'Server Fault'
Hi, I am using openbgpd in freeBSD with 2 ISP connections. I have my own AS number and a /22 network. Currently I am advertising entire /22 to both networks. Inbound traffic comes in But my outbound traffic goes via a single link. I would like to either distribute my outbound traffic via both links… >>> More