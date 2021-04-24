A question about Self-signed certificate

Server Config
#1

Hello,
I want to launch a reverse proxy server and I have a question about HTTPS certificate. My plan is like below:

The Internet --> Reverse Proxy Server (Public IP) --> Web Server (Private IP)

The HTTPS certificate for my Reverse Proxy Server is Let’s Encrypt and I want to have a Self-signed certificate for my Web Server with private IP address. My question is that the Self-signed certificate settings must be addressed in the Virtual Host file on the Reverse Proxy Server or in the Virtual Host file on the Web Server?

Thank you.

#2

On the web server. The responsibility for the SSL certificate is always the responsibility of the server, never of the client.
Now since you’re using a self-signed certificate you could optionally duplicate the certificate on the client (here: the reverse proxy) too, so that it can verify that the certificate used by the server is the correct one (and as result know that we’re talking to the right server), but in general this isn’t being done it’s quite a bit of hassle to set up and keep up to date.

1 Like
#3

Thus, In the Virtual Host file on the Reverse Proxy Server, I just need Let’s Encrypt options?