Centralized storage of wild-card ssl cert


csgno1
07-04-2010, 09:11 PM
Hello,

I plan to have a large number of applications with different host names but on the same domain, so I want to use a wild-card ssl certificate. Would a NAS in its own application be the place to keep it, and if so, do I just put an IN appliance in the application with the NAS (connected to the NAS nfs terminal) and an OUT appliance in each of the others (connected to the fs terminal)?

That's what I'm trying but haven't managed to make it work quite yet, so I'm wondering if I need to be barking up a different tree, or stick with this one.

Any advice welcome, thank you.

PeterNic
07-09-2010, 08:13 PM
csgno1,

I assume you are using INSSLR, which has an fs terminal. To help find the problem, try first connecting the NAS appliance directly to INSSLR's fs output (temporarily bring a NAS into one of the apps). If this doesn't work, then dig into the INSSLR; otherwise, the problem is likely in getting NFS over gateways. I recall some issues remoting NFS via an OUT/IN pair; you may want to open a ticket and ping Jessie. Another related approach may be to use a VPN gateway instead (in cleartext or encrypted mode).

There is another way, which is to create a global volume with the SSL certificate, and make the key volume on each INSSLR gateway a link to the global volume (using the key volume in INSSLR rather than the fs terminal for accessing the SSL certificate). This will require all apps sharing the certificate to be on the same grid and will leave the volume read-only (as it is shared between all apps), but it will eliminate the need for the NAS appliance and gateways.

Let me know if any of these help.

Best regards,
- Peter

csgno1
07-26-2010, 11:17 AM
I will try using a VPN, thanks for the suggestion.

I already tried using a global volume, but I had trouble, and as you pointed out it won't work across grids.

Thanks