Multi-Hosts TLS Certificate

It is sometimes convenient to have a domain distributed over two or more machines. This technique, as old as DNS, is interesting to spread the load between multiple hosts, or to provide a bit of high availability. Indeed, if a host becomes inaccessible, at least half of the requests will continue to be successful.

However, since TLS connections have become the norm, and certificates should be renewed automatically, it could be hard to control the validation and the distribution.

I will present you a technique which, with the help of a finely configured web server, allows to get a different certificate on each machine, but usable for the same subdomain.

[Read More]