Running into an issue when applying an SSL cert to one of our reverse proxy servers - "This server could not prove it is <servername>". I think I might be confusing some of the SAN settings on the cert as well as server host names, dns, etc. Here's some background on my environment.
- 2 Linux servers running Apache set as reverse proxies - proxy1 and proxy2
- Reverse proxies are in front of various Azure web apps
- 1 Azure Load Balancer (Basic Tier) - proxy1 and proxy2 are part of the backend pool (proxy2 is powered off for now until I get this working on proxy1)
- Linux proxy servers have DNS entries (proxy1.local and proxy2.local) but they are not domain joined
- DNS record created for Azure LB resource with static IP assigned, ex: app-env.local
I created an ssl cert using openssl on proxy1 and set the CN to app-env.local. I also added proxy1.local as a SAN record. When I add the .crt and .key files to Apache configs I get the cert warning mentioned above.
Does the CN on the ssl cert have to match the host name of the server? Ideally I'd be able to have one ssl cert for app-env.local and apply it to each proxy server. I tried adding the IP assigned to the Azure LB as a SAN as well but no luck with that.
Any help or guidance to clear this up would be greatly appreciated!
