I have a Win 2003 server and I'm using Ionics Isapi Rewrite Filter to redirect requests made to a Web Site configured in IIS to another Apache2 Server on a server not exposed to the Internet. The Web Site has its host headers configured to catch requests for the specific site, and the redirection is being done with the ProxyPass directive. This is working OK.

So much for the scenario; my question is: I'd like to add a server certificate to the Apache server, but I don't know if I need to add the certificate to both Apache and IIS sites. I think I still don't get the theory behind this and would like to know from someone with expertise in the field the right way to implement this.

Thank you in advance.

Daniel

1 Answer

The proxy server gets the certificate and all SSL configuration, and the Apache server doesn't need any. You can think of the proxy as unwrapping the SSL and forwarding plain HTTP back to the Apache box. (You can forward a new HTTPS session as well, if you're really paranoid about your own network, but then you have to put a cert on the Apache box too. It's better to set up an encrypted tunnel in that case.)

You can do everything from the IIS manager, beginning with creating a request and ending with importing the pfx file from the provider. If the provider doesn't issue a pfx, then you'll have to manually combine it all into one file with openssl:

openssl pkcs12 -export -inkey openssl_key.pem -in openssl_crt.pem \
  -chain -out openssl_key_crt.p12 -name openssl_key_crt

If you don't have the intermediate chain certificates on your system, you'll have to swap -chain for -certfile concatenated_cert_file.pem instead, which the provider always has available.

SilverbackNet
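
A check worth running on the bundle before importing it into IIS, as an added example that is not part of the original answer: it builds the .p12 with -certfile as in the answer's command, then confirms that the bundle carries the chain and that the private key belongs to the leaf certificate. The throwaway CA, the www.example.test subject, the password and the function names are constructed for the demo; the file names follow the answer's command.

```shell
#!/bin/sh
# Added example: every name, subject and password below is constructed for the demo.

make_demo_pki() {   # $1 = work dir: throwaway issuing CA plus a server key and cert
  openssl req -x509 -newkey rsa:2048 -nodes -days 2 -subj "/CN=Demo Issuing CA" \
    -keyout "$1/ca_key.pem" -out "$1/concatenated_cert_file.pem" 2>/dev/null &&
  openssl req -newkey rsa:2048 -nodes -subj "/CN=www.example.test" \
    -keyout "$1/openssl_key.pem" -out "$1/server.csr" 2>/dev/null &&
  openssl x509 -req -in "$1/server.csr" -days 2 -CAcreateserial \
    -CA "$1/concatenated_cert_file.pem" -CAkey "$1/ca_key.pem" \
    -out "$1/openssl_crt.pem" 2>/dev/null
}

build_pfx() {       # $1 = work dir, $2 = export password
  openssl pkcs12 -export -inkey "$1/openssl_key.pem" -in "$1/openssl_crt.pem" \
    -certfile "$1/concatenated_cert_file.pem" \
    -out "$1/openssl_key_crt.p12" -name openssl_key_crt -passout "pass:$2"
}

pfx_cert_count() {  # prints how many certificates the bundle carries (leaf + chain)
  openssl pkcs12 -in "$1/openssl_key_crt.p12" -nokeys -passin "pass:$2" 2>/dev/null |
    grep -c 'BEGIN CERTIFICATE'
}

pfx_key_matches_cert() {  # succeeds only if the private key belongs to the leaf cert
  key_pub=$(openssl pkcs12 -in "$1/openssl_key_crt.p12" -nocerts -nodes \
              -passin "pass:$2" 2>/dev/null | openssl pkey -pubout 2>/dev/null)
  crt_pub=$(openssl pkcs12 -in "$1/openssl_key_crt.p12" -clcerts -nokeys \
              -passin "pass:$2" 2>/dev/null | openssl x509 -noout -pubkey 2>/dev/null)
  [ -n "$key_pub" ] && [ "$key_pub" = "$crt_pub" ]
}

work=$(mktemp -d)
make_demo_pki "$work" && build_pfx "$work" demo-pass
echo "certificates in bundle: $(pfx_cert_count "$work" demo-pass)"
pfx_key_matches_cert "$work" demo-pass && echo "private key matches leaf certificate"
rm -rf "$work"
```

A count of 1 means the chain was left out of the bundle, so clients that do not already hold the intermediate certificates will fail to validate the site.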