 

Will a self-signed certificate work behind an Apache reverse-proxy?

Tags: ssl, apache

We want to use Apache as our reverse proxy to a collection of app servers. We plan to use a CA-signed SSL certificate on the Apache instance but wanted to use self-signed certificates on the app server instances (so that the Apache to app server connection also was encrypted). We don't want to install a CA-signed SSL certificate on the app server instances if we don't have to.

Will Apache allow this configuration of having self-signed certificates on the app server instances?

BestPractices asked Sep 17 '12 13:09


1 Answer

If you have a large collection of app servers, it would probably make more sense to have your own internal CA, instead of having to manage each self-signed certificate one by one.

If you want the connections between an Apache Httpd reverse proxy and its worker nodes to use HTTPS, you can configure the certificates trusted by Apache Httpd using the SSLProxy* directives of mod_ssl (as documented in the introduction of the mod_proxy documentation), in particular SSLProxyCACertificateFile.

You'll need to use mod_proxy_http for this, since AJP connections are not made over SSL/TLS.

Bruno answered Oct 12 '22 23:10
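The setup described in the answer above, as an added configuration sketch that is not part of the original answer. Host names, ports and file paths are placeholders chosen for illustration; `backend-trust.pem` is assumed to hold either the internal CA certificate or the concatenated self-signed certificates of the app servers.

```apache
# Requires mod_ssl, mod_proxy and mod_proxy_http to be loaded.
<VirtualHost *:443>
    ServerName www.example.com

    # Client-facing side: the CA-signed certificate (placeholder paths).
    SSLEngine on
    SSLCertificateFile    /etc/apache2/ssl/www.example.com.crt
    SSLCertificateKeyFile /etc/apache2/ssl/www.example.com.key

    # Back-end side: allow mod_proxy to speak TLS to the app servers.
    SSLProxyEngine on

    # Trust anchors for back-end certificates (PEM bundle, placeholder path):
    # the internal CA certificate, or each self-signed certificate appended.
    SSLProxyCACertificateFile /etc/apache2/ssl/backend-trust.pem

    # SSLProxyVerify defaults to "none", which encrypts the hop but does not
    # validate the back-end certificate against the bundle above.
    SSLProxyVerify require

    # Depth 0 accepts only self-signed back-end certificates; depth 1 (the
    # default) also accepts certificates signed by a CA in the bundle.
    SSLProxyVerifyDepth 1

    # Reject back ends whose certificate does not match the host name in the
    # ProxyPass URL (2.4.5+; older releases use SSLProxyCheckPeerCN), and
    # reject expired certificates.
    SSLProxyCheckPeerName on
    SSLProxyCheckPeerExpire on

    # https:// targets are handled by mod_proxy_http; AJP cannot be used here.
    ProxyPass        "/app/" "https://app1.internal.example:8443/app/"
    ProxyPassReverse "/app/" "https://app1.internal.example:8443/app/"
</VirtualHost>
```

With name checking on, each self-signed or internally issued certificate must carry the host name used in the corresponding `ProxyPass` URL.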