Topic: SSL Questions for Proxy Server and Individual Web Servers

[sjuanes]

New to the forum and had some SSL certificate questions. I appologize ahead of time if my wording and term usage is off. So here is some background:

I have a total of 3 web servers:

x1 gateway.domain.com:443 (Using as a proxy to web1 and web2)
x1 web1.domain.com:443
x1 web2.domain.com:443

I was able to have gateway.domain.com play nicely with a wildcard certificate and handshake perfectly with web1 and web2. Now currently, web1 and web2 have their own SSL certificates while gateway has a wildcard cert for *.domain.com. Is it necessary to have certs on all 3 servers or just have the single wildcard cert on gateway.domain.com?

I believe my understanding of how the handshake works is where I am stumbling. Thank you.

[Anaksunaman]

It seems that you would like HTTPS on both the internal and external networks.

The most likely scenario for this would be then:

A) Proxy - 3 certificates (*.domain.tld to catch anything that is HTTPS but not Server 1 or Server 2, plus the two the server certificates to be referenced in a 443 virtual hosts for each web server.)

B) Server 1 -- Certificate 1

C) Server 2 -- Certificate 2

If you ditch HTTPS internally, you can most likely just use either the wildcard domain certificate, or reference the other certificates for each web server in your 443 virtual hosts.