
SSL handling in a Clustered Server Environment...!

ideavirus

4:33 pm on Apr 22, 2002 (gmt 0)

10+ Year Member



Hi,

If a hosting provider has their servers clustered (for the main purpose of better uptime), is it possible to have any SSL certs (Verisign, Thawte or any other) for my site, if I have hosted my site there?

My thinking is that in a clustered environment it's not possible to have a dedicated IP for each site, and since SSL certs require a dedicated IP for them to be functional, it may not be possible?

But I am not very sure...

Thanks for any help
:)

NFFC

6:38 pm on Apr 24, 2002 (gmt 0)

WebmasterWorld Senior Member 10+ Year Member



*bumped for Air who knows his cluster stuff ;)*

>for my site

This may not help but...the best way to use SSL certs imho is to set up a dedicated domain. Think of a good name, something with security in it, and host all your secure stuff there, much better than having individual certs for each domain.

bird

8:20 pm on Apr 24, 2002 (gmt 0)

WebmasterWorld Senior Member 10+ Year Member



I could be mistaken, but I always assumed that the SSL certificates were bound to the domain/host name, and not to the specific IP address. Unless I'm missing anything here, then your clustered servers should be fine, as long as they all answer to the same name.

hasbeen

8:30 pm on Apr 24, 2002 (gmt 0)

10+ Year Member



I believe Bird is right...certs are bound to domain names, not IPs. Therefore, in a clustered environment SSL should work.

Just started work at a web host and asked around. That's the answer I got.

Air

9:00 pm on Apr 24, 2002 (gmt 0)

WebmasterWorld Senior Member 10+ Year Member



NFFC still sneaky after all these years :)

There are a few choices, but all of them depend on the configuration the host has deployed to provide redundancy and how they have configured various components.

One choice as NFFC pointed out is to dedicate one domain and direct all secure transactions to it. It's probably the tidiest method in which you have control.

Next choice is to find out from the provider how many servers make up the cluster, and on how many of those servers your site exists. Then make sure there is a unique IP for each of your redundant sites and buy a certificate for each instance.

This next method is pretty much in the hands of your provider and involves using content switches and/or content accelerators. These can be set up so that one certificate represents the cluster; it reduces the number of certificates that have to be purchased and can also improve performance because the encryption is hardware based.

ideavirus

2:01 pm on Apr 25, 2002 (gmt 0)

10+ Year Member



Hi again,

Thank you all for the valuable replies...! :)

> dedicate one domain and direct all secure transactions to it. It's probably the tidiest method in which you have control.

Can that be a sub-domain, or is it necessary for it to be a primary domain only? Also, I would be interested to know in what way this method gives me more control.

Air, thanks also for the other options you had mentioned!

Thanks again!

sugarkane

3:14 pm on Apr 25, 2002 (gmt 0)

WebmasterWorld Senior Member 10+ Year Member



> Can that be a sub-domain

Yep, it can. You can also apply using wildcards - e.g. *.example.com - which would help in a cluster situation if you wanted to specify individual hosts.

Air

6:10 pm on Apr 25, 2002 (gmt 0)

WebmasterWorld Senior Member 10+ Year Member



>..also I would be Interested to know in what way this method gives me more control.

It gives you more control because it does not rely on the cluster configuration in use by your provider. Many more of the elements needed to deploy it are within your control; as you look at some of the other choices you'll notice that they rely on the provider to a greater degree.

In addition the domain is owned by you and so is the certificate tied to it, so you could move it elsewhere if you so chose.

jatar_k

6:27 pm on Apr 25, 2002 (gmt 0)

WebmasterWorld Administrator 10+ Year Member



The way we do it is we have our cert on one domain and then for each domain that uses it we just add a subdomain with the other sitename in front, i.e. somesite.certsite.com. It works very well, easy to maintain and makes sense to users, clients etc.
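Added example, not part of any post in this thread: a simplified sketch of the hostname check a TLS client applies to a certificate's names, showing which hosts the wildcard mentioned by sugarkane and the shared-cert subdomain scheme described by jatar_k would cover. The function names and the sample host list are constructed for illustration, and real clients apply additional rules beyond these.

```python
def _labels(name):
    """Split a DNS name into lower-case labels, ignoring a trailing dot."""
    return name.rstrip(".").lower().split(".")


def name_matches(cert_name, hostname):
    """Return True if one certificate name covers the requested hostname."""
    pat, host = _labels(cert_name), _labels(hostname)
    if "" in pat or "" in host or len(pat) != len(host):
        return False          # '*' stands for exactly one label, never 0 or 2
    if "*" not in cert_name:
        return pat == host    # plain name: exact, case-insensitive match
    # Simplification: accept a wildcard only as the entire left-most label,
    # with at least two fixed labels after it (so '*.com' is rejected).
    if pat[0] != "*" or len(pat) < 3 or any("*" in lab for lab in pat[1:]):
        return False
    return pat[1:] == host[1:]


def cert_covers(cert_names, hostname):
    """Return True if any name in the certificate covers the hostname."""
    return any(name_matches(n, hostname) for n in cert_names)


def coverage_report(cert_names, hostnames):
    """Map each requested hostname to whether the certificate covers it."""
    return {h: cert_covers(cert_names, h) for h in hostnames}


# Constructed sample data: one wildcard cert shared by customer subdomains.
SHARED_CERT_NAMES = ["*.certsite.com"]
REQUESTED_HOSTS = [
    "somesite.certsite.com",      # customer subdomain: covered
    "certsite.com",               # bare domain: not covered by the wildcard
    "www.somesite.certsite.com",  # two labels deep: not covered
    "www.abc.com",                # customer's own domain: not covered
]

if __name__ == "__main__":
    for host, ok in coverage_report(SHARED_CERT_NAMES, REQUESTED_HOSTS).items():
        print(f"{host:28} {'covered' if ok else 'NOT covered'}")
```

The server's IP address is not an input to the check, so every node in a cluster that presents the same certificate passes or fails for a given hostname in the same way.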

ideavirus

3:05 am on May 1, 2002 (gmt 0)

10+ Year Member



Hi,

Just want to check if I have understood this correctly.

Let's say my host's domain is www.abc.com.

Now, my host will have to set up a new domain or a subdomain, like certs.abc.com, and he will let his hosting customers share or use his SSL cert, right?
And that domain or subdomain should have a static IP? Is that so?

Also, I guess wildcard certs are costlier, right?

Or is it that each customer can have a subdomain under his domain and can have certs fully functional?

Correct me if I am wrong somewhere.

Thanks much in advance
:)