Generating CSR for multiple server

February 2, 2015 4.9k views

It's time for me to renew my ssl certification.
I've decided to change from godaddy to rapidssl.
They are asking me for a csr, but nor I have multiple server.
Do I need to generate the csr from a particular server, or I can generate it from any server and it will work?

I have 2 apache/php server behind 2 haproxy server (all on debian).
The client connect throw the 2 haproxy server and the ssl will be hosted on them.

Thank you

1 Answer

It is not necessary to generate the CSR on the server that will host the resulting certificate on as long as the key matches in the end. Though normally you would only have there cert on a single server unless it is a "wildcard" cert. Are the the two different HAProxy servers for the same domain?

This tutorial explains a fairly typical setup where a HAProxy server with the SSL cert sits in front of the rest of the infrastructure.

by Mitchell Anicas
HAProxy, which stands for High Availability Proxy, is a popular open source software TCP/HTTP Load Balancer and proxying solution. In this tutorial, we will go over how to use HAProxy for SSL termination, for traffic encryption, and for load balancing your web servers. We will also show you how to use HAProxy to redirect HTTP traffic to HTTPS. Native SSL support was implemented in HAProxy 1.5.x, which was released as a stable version in June 2014.
  • Yes all under the same domain

  • So does the one fail over to the other? If that's the case, then you should be fine with a single CSR as an SSL cert is tied to a specific domain, not an IP address.

Have another answer? Share your knowledge.