Hello Jim, Thanks for your answer / clarification!
It's now clear to me! And it's good to know that I set-up my servers correctly :-)! Jeroen -------------------------------------------------------- Support the independent web, use [Firefox](https://www.mozilla.org/en-US/firefox/new/) ‐‐‐‐‐‐‐ Original Message ‐‐‐‐‐‐‐ On Thursday, January 13th, 2022 at 8:57 PM, Jim Albert <j...@netrition.com> wrote: > You absolutely want SSL certificates installed on your public facing proxy... > signed by a well trusted CA if you want the rest of the world to trust your > proxy. > If you want your proxy to communicate encrypted to your back end/private web > server then you need an SSL certificate on the back end. > Only your proxy needs to trust your back end/private web server so the back > end would be fine with either self signed or signed by your own CA and have > the proxy trust either. > > Depending on how your public SSL certificate is configured or if the proxy > will ignore any warnings on a mismatched CN/Subject Alternate Names you could > use it for both. > > On 1/13/2022 6:58 AM, Jeroen Verhoeckx wrote: > >> Thanks, great to know that it is possible! >> >> You write that you need to install the SSL certificates on both the reverse >> proxy and in the virtual machine (or another local server)? >> Is that really necessary? I try to avoid duplication whenever that is >> possible. >> >> Do you have an example set-up somewhere? >> >> Thanks!! >> >> -------------------------------------------------------- >> Support the independent web, use >> [Firefox](https://www.mozilla.org/en-US/firefox/new/) >> >> ‐‐‐‐‐‐‐ Original Message ‐‐‐‐‐‐‐ >> On Wednesday, January 12th, 2022 at 5:23 PM, Dino Ciuffetti >> [<d...@tuxweb.it>](mailto:d...@tuxweb.it) wrote: >> >>>> My question: >>>> Would it have been possible to install the SSL certificates in the virtual >>>> machines? >>> >>> YES. It's possibile to send Internet HTTPS traffic to an internal HTTPS >>> service behind apache httpd as a reverse proxy. >>> You eventally need to install same SSL certificates (but you don't have to >>> necessarily) on both the reverse proxy and the internal service, enable >>> SSLProxyProtol on your VHs and send the traffic to HTTPS via your ProxyPass. > > -- > Jim Albert
