We want to use Apache as our reverse proxy to a collection of app servers. We plan to se a CA-signed SSL certificate on the Apache instance but wanted to use self-signed certificates on the app server instances (so that the Apache to app sever connection also was encrypted). We dont want to install a CA-signed SSL certificate on the app server instances if we dont have to.
Will Apache allow this configuration of having self-signed certificates on the app server instances?
If you have a large collection of app servers, it would probably make more sense to have your own internal CA, instead of having to manage each self-signed certificate one by one.
If you want to the connections between an Apache Httpd reverse proxy and its worker nodes to use HTTPS, you can configure the certificates trusted by Apache Httpd using the SSLProxy*
directives of mod_ssl
(as documented in the introduction of the mod_proxy
documentation), in particular SSLProxyCACertificateFile
.
You'll need to use mod_proxy_http
for this, since AJP connections are not made over SSL/TLS.
If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!
Donate Us With