在负载均衡器环境中使用基于 ssl (HTTPS) 的证书的 WCF
我想了解如何设置 WCF 服务,该服务在负载均衡器环境中通过 SSL (HTTPS) 证书与客户端进行通信。该证书用于消息交换。
更新
以下是当前设置:
使用 WCF 3.5,但如果需要,可以更改为版本 4。
IIS7.5 和 ASP.NET 3.5
证书安装在每个 IIS 上,
每个 WCF 应用程序安装在每个 IIS 上,
证书颁发到 *.mydomainname.com,其中我的应用程序位于 myapp.mydomainname.com 下,
负载均衡器是否需要证书?
目标
客户端使用证书通过负载均衡器中的 HTTPS 与 WCF 服务进行通信。
任何想法将不胜感激!
I want to find out how to set up a WCF service, which communicates with client via certificate over SSL (HTTPS) in a load balancer environment. The certificate is used for message exchanges.
Update
Below is current setup:
WCF 3.5 is used, but can be changed to ver 4 if required.
IIS7.5 and ASP.NET 3.5
certificate is installed on each IIS,
each WCF app is installed on each IIS,
certificate is issued to *.mydomainname.com, where my app is under myapp.mydomainname.com
does load balancer require certificate?
Goal
Client uses certificate to communicate with WCF service over HTTPS in load balancer.
Any idea would be very much appreciated!
如果你对这篇内容有疑问,欢迎到本站社区发帖提问 参与讨论,获取更多帮助,或者扫码二维码加入 Web 技术交流群。
绑定邮箱获取回复消息
由于您还没有绑定你的真实邮箱,如果其他用户或者作者回复了您的评论,将不能在第一时间通知您!
发布评论
评论(1)
托管服务的站点必须在域名上公开,例如:
必须在网络场中的所有应用程序服务器(负载平衡服务器)上完成此配置=您必须分配正确的主机标头。您必须为此域名请求/创建证书并将其(包括私钥)安装在场中的所有服务器上。您必须在所有服务器上配置您的网站才能使用此证书。域名的 DNS 记录必须配置为指向负载均衡器的 IP 地址。
负载平衡必须在 TCP 级别上完成,以维护客户端和服务器之间的 HTTPS。在这种情况下,负载平衡环境应该对客户端完全透明,并且负载平衡器将不需要证书,因为它只会转发 TCP 连接,并且将与真实的 Web 服务器创建 SSL 隧道。
Your site hosting the service must be exposed on domain name for example:
This configuration must be done on all application servers in the web farm (load balanced servers) = you must assign correct host header. You must request / create certificate for this domain name and install it (including private key) on all servers in the farm. You must configure your web sites on all servers to use this certificate. DNS record for the domain name must be configured to point to IP address of the load balancer.
Load balancing must be done on TCP level to maintain HTTPS between client and your servers. In this scenario load balanced environment should become completely transparent to client and load balancer will not need the certificate because it will only forward TCP connections and SSL tunnel will be created with the real web server.