You absolutely want SSL certificates installed on your public facing
proxy... signed by a well trusted CA if you want the rest of the world
to trust your proxy.

If you want your proxy to communicate encrypted to your back end/private
web server then you need an SSL certificate on the back end.

Only your proxy needs to trust your back end/private web server so the
back end would be fine with either self signed or signed by your own CA
and have the proxy trust either.

Depending on how your public SSL certificate is configured or if the
proxy will ignore any warnings on a mismatched CN/Subject Alternate
Names you could use it for both.

On 1/13/2022 6:58 AM, Jeroen Verhoeckx wrote:
Thanks, great to know that it is possible!
You write that you need to install the SSL certificates on both the
reverse proxy and in the virtual machine (or another local server)?
Is that really necessary? I try to avoid duplication whenever that is
possible.
Do you have an example set-up somewhere?
Thanks!!
‐‐‐‐‐‐‐ Original Message ‐‐‐‐‐‐‐
On Wednesday, January 12th, 2022 at 5:23 PM, Dino Ciuffetti
<d...@tuxweb.it> wrote:
My question:
/Would it have been possible to install the SSL certificates in
the virtual machines?/
YES. It's possible to send Internet HTTPS traffic to an internal
HTTPS service behind apache httpd as a reverse proxy.
You eventually need to install the same SSL certificates (but you don't
have to necessarily) on both the reverse proxy and the internal
service, enable SSLProxyProtocol on your VHs and send the traffic to
HTTPS via your ProxyPass.
--
Jim Albert
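
An added example set-up for the arrangement discussed in this thread (not posted by any of the participants): a publicly trusted certificate on the proxy, and a back end whose certificate is signed by a private CA that only the proxy trusts. The host names, port and file paths are placeholders; mod_ssl, mod_proxy and mod_proxy_http are assumed to be loaded.

```apache
# Added example: every host name, port and path below is a placeholder.
<VirtualHost *:443>
    ServerName www.example.com

    # Public side: certificate signed by a publicly trusted CA,
    # because arbitrary browsers have to accept it.
    SSLEngine on
    SSLCertificateFile    /etc/ssl/public/www.example.com.fullchain.pem
    SSLCertificateKeyFile /etc/ssl/private/www.example.com.key

    # Back-end side: SSLProxyEngine is what lets the proxy speak TLS
    # to an https:// target.
    SSLProxyEngine on

    # Trust anchor for the back end only: your own CA's certificate,
    # or the back end's self-signed certificate itself.
    SSLProxyCACertificateFile /etc/ssl/internal/backend-ca.pem

    # Require a certificate that chains to that anchor, is not expired,
    # and names the host used in ProxyPass below.
    SSLProxyVerify require
    SSLProxyCheckPeerExpire on
    SSLProxyCheckPeerName on

    # If the back end reuses the public certificate instead, the host
    # name in ProxyPass must match one of that certificate's names.
    # Turning SSLProxyCheckPeerName off makes a mismatch pass, but it
    # also removes the host name check on this hop.

    ProxyPass        "/" "https://backend.internal.example:8443/"
    ProxyPassReverse "/" "https://backend.internal.example:8443/"
</VirtualHost>
```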