Apache2 Reverse Proxy website and Exchange cert


#1

Hi all,

What is the best way to have a Microsoft Exchange server with a LE-assigned certificate that has 6 SANs for the Exchange and an Apache webserver hosting the www and non-www of that same domain?

The site is old and no longer hosted live to the public, and when the LE cert expires for the www and non-www domain, my MS Outlook client starts prompting with… (Red cross on) The security certificate date is valid - banner notification window when Outlook is opened.


#2

In order to overcome the red X you will have to renew the cert (or host your own internal private PKI system).
[If you don’t need any interaction with the Internet, then you may not even need “real” domain names, nor a cert that is valid on the Internet.]
In order to renew the public cert you will have to have an internet routable IP for the name(s) on the cert.
Which means you will have to continue to renew the domain(s) in the cert(s) and authenticate via HTTP (or DNS).

As for using a reverse proxy, you could; at a minimum, you would need to allow the authentication requests to reach the internal server in order to issue the cert(s) right from the Exchange server.

It really depends on your exact scenario… and the choices you make.
Like: Which version of Windows, how much knowledge you have with all things related, and how much access you have to make required changes…

FYI - information like:

creates more questions than it answers.


#3

Thanks rg305 for response back.
Unfortunately, the old site still needs to be backed up, only to host the reverse proxy URLs (that run http, not https) that relate to internal big data stuff.
So I can’t get rid of the vhost config until I find time to migrate somewhere else.

For now, I did what you rightly said earlier and removed the htaccess redirect on the site and allowed the Let’s Encrypt validation servers to gain access to the site and get the cert renewals done.

Hence my question on what is the best way to handle this…
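
The arrangement discussed in replies #2 and #3, sketched as an added example that is not part of the original thread: the redirect stays in place but skips the ACME HTTP-01 challenge path, and only that path is forwarded to the internal Exchange server for the Exchange names. All hostnames, the IP address, the document root and the redirect target are placeholder assumptions; it assumes Apache 2.4 with mod_rewrite, mod_proxy and mod_proxy_http enabled.

```apache
# Constructed example: every name, address and path here is a placeholder.

# www / non-www site: certificate is renewed on the Apache host itself.
<VirtualHost *:80>
    ServerName example.com
    ServerAlias www.example.com
    DocumentRoot /var/www/example

    RewriteEngine On
    # Do not redirect ACME HTTP-01 requests, so the validation
    # servers can still fetch the challenge file from the webroot.
    RewriteCond %{REQUEST_URI} !^/\.well-known/acme-challenge/
    # Assumed redirect target; substitute whatever the old .htaccess used.
    RewriteRule ^ https://redirect-target.example/ [R=302,L]
</VirtualHost>

# Exchange SAN names: the ACME client runs on the Exchange server,
# so only the challenge path is passed through to it.
<VirtualHost *:80>
    ServerName mail.example.com
    ServerAlias autodiscover.example.com

    # Keep the original Host header so the internal server sees
    # the name that is being validated.
    ProxyPreserveHost On
    ProxyPass        /.well-known/acme-challenge/ http://192.0.2.10/.well-known/acme-challenge/
    ProxyPassReverse /.well-known/acme-challenge/ http://192.0.2.10/.well-known/acme-challenge/

    # Anything other than the challenge path is refused on port 80.
    <LocationMatch "^/(?!\.well-known/acme-challenge/)">
        Require all denied
    </LocationMatch>
</VirtualHost>
```

Running `apachectl configtest` before reloading confirms the syntax, and a renewal dry run from each ACME client confirms the challenge path is reachable from outside.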

