I have a public address (say www-mydomain-org), however the firewall redirects this to an internal server (www-dmz-mydomain-org). In my case the redirect is to a non-standard port 12345, so I am accessing www-mydomain-org:12345, which forwards the request to www-dmz-mydomain-org:2345. So I need a cert for www-mydomain-org, however the internal server on which I want a cert only knows of itself as www-dmz, and due to policies cannot even access www (in fact no internal DMZ server has access to the public address). Thus I have:
www-mydomain-org : external IP (of FW) : port 12345
www-dmz-mydomain-org : internal IP (let's say 10.120.12.12) : port 2345
www-dmz.mydomain-org is accessed externally via www-mydomain-org and port 12345.
How do I generate a cert for www.mydomain.org:12345?
I thought I’d use certonly, but even then I get "unable to connect to host" (makes sense, as I actively reject connections to the public IPs from the DMZ and the port is non-standard as well).
FYI: sorry about using - but otherwise it thinks of the name as links.