I would like to ask a question. Here at my company we work with a DMZ and have a reverse proxy server. I would like to create a single SSL for all the sites behind this server. Will I have to create an SSL per subdomain, or is only one for everyone already good?
Sorry, I used Google Translate.
It depends on your needs... and how many sites you need to cover on that server...
Are all sites on one root domain? (If so, you could take advantage of Let's Encrypt's wildcard certificate...)
If not all sites are on the same root domain, you could just issue one (wildcard) certificate for each dedicated root domain, to save time renewing & protect privacy...
s.site.com ip: 192.168.1.220 httpD
p.site.com ip 192.168.1.158 TomCat
With the wildcard certificate, can I protect both cases?
ProxyPass / http://192.168.1.220:443
ProxyPassReverse / https://s.site.com/
ProxyPass / http://192.168.1.158:443
ProxyPassReverse / https://p.site.com/
Of course, you could use one single wildcard certificate to cover all subdomains. (*.site.com)
But please note that the only way to get the certificate is via DNS validation, which means you would need to use a compatible DNS provider in order to automate the process.
(Try acme.sh or certbot... On Unix systems, acme.sh usually covers more DNS providers than certbot...)
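The wildcard coverage discussed in the replies above, as an added example that is not part of the original thread: a `*.site.com` name matches exactly one label to the left of `site.com`, so this sketch checks which proxied hostnames a certificate covers and builds the name list to request per root domain. The function names and every hostname other than `s.site.com` and `p.site.com` are constructed for illustration.

```python
# Added example, not from the thread. Hostnames other than s.site.com and
# p.site.com are constructed sample input.

def covers(san: str, host: str) -> bool:
    """True if certificate name `san` is valid for `host`.

    A leading "*" stands in for exactly one left-most DNS label, so
    "*.site.com" matches "s.site.com" but not "site.com" or "a.b.site.com".
    """
    san_labels = san.lower().rstrip(".").split(".")
    host_labels = host.lower().rstrip(".").split(".")
    if len(san_labels) != len(host_labels):
        return False
    if san_labels[0] == "*":
        return bool(host_labels[0]) and san_labels[1:] == host_labels[1:]
    return san_labels == host_labels


def uncovered(hosts, sans):
    """Hosts behind the proxy that none of the certificate names cover."""
    return [h for h in hosts if not any(covers(s, h) for s in sans)]


def names_to_request(hosts, roots):
    """Names to put on the certificate(s), one wildcard per root domain.

    `roots` is supplied by the caller (assumption: you know your own root
    domains). The bare root and deeper names are listed explicitly because
    the wildcard does not cover them.
    """
    names = set()
    for host in hosts:
        h = host.lower().rstrip(".")
        matches = [r for r in roots if h == r or h.endswith("." + r)]
        if not matches:
            raise ValueError(f"{host} is not under any listed root domain")
        root = max(matches, key=len)
        extra = h.count(".") - root.count(".")
        names.add(root if extra == 0 else "*." + root if extra == 1 else h)
    return sorted(names)


if __name__ == "__main__":
    proxied = ["s.site.com", "p.site.com", "site.com", "a.b.site.com"]
    print("not covered by *.site.com:", uncovered(proxied, ["*.site.com"]))
    print("names to request:", names_to_request(proxied, ["site.com"]))
```

For the two hosts in the thread the result is the single name `*.site.com`; the bare `site.com` or a deeper name such as `a.b.site.com` would have to be added to the certificate separately.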