Netgate Discussion Forum

Wildcard SSL Reverse Proxy

    tbovingdon
    last edited by Aug 30, 2013, 4:39 AM Aug 30, 2013, 3:47 AM

    Hi everyone.. I am going CRAZY!

    First off, background:

    1 external IP.
    3 internal servers requiring https.
    server1.domain.com
    server2.domain.com
    other.domain2.com

    Have valid certs for server1.domain.com, server2.domain.com, server1.domain2.com. I realize what I am about to do does not allow for a "valid" cert for other.domain2.com.. that I don't care.

    Importing valid certs for server1, server2 to pfSense cert manager, and selecting server1 as the cert to use for reverse proxy works EXACTLY how I'd expect: browsing to https://server1.domain.com works fine. Browsing to server2, and other, produces a warning. Go figure.

    We now want to bring in server3, server4.domain.com and such, and purchased a RapidSSL wildcard cert. We've successfully used this cert on 2 other servers that aren't on this pfSense. We know it works. Using the recommendations from: http://forum.pfsense.org/index.php/topic,48210.msg254283.html#msg254283

    We put the cert from RapidSSL in first, then paste: https://knowledge.rapidssl.com/library/VERISIGN/ALL_OTHER/RapidSSL%20Intermediate/RapidSSL_CA_bundle.pem, then paste the bottom root CA: https://knowledge.rapidssl.com/support/ssl-certificate-support/index?page=content&id=SO20329&actp=search&viewlocale=en_US&searchid=1377833490652

    We paste the RSA encrypted key in the key spot, and the cert appears to import successfully. Go to reverse proxy and select the newly updated cert, and it gives us the finger and does not allow ANY traffic to flow.. page cannot be displayed. Switch back to the imported valid server1 cert and hit refresh, and reverse proxy is working as expected..

    Are we incorrect in the assumption that a wildcard cert will work for this or did I screw something up?

    .. I need to take my own advice and rubber duck it. http://c2.com/cgi/wiki?RubberDucking … issue was the RSA encrypted key.. all working as expected now!

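An added example, not part of the original post: a pre-import check for the two fields described above (certificate chain and private key) that flags a passphrase-encrypted key, which the poster reports was the cause here. The function names, messages and sample PEM text are assumptions made for illustration; the base64 bodies are placeholders, not real key material.

```python
import re

# One PEM block: label, then optional RFC 1421 header lines, then base64 body.
PEM_RE = re.compile(r"-----BEGIN ([A-Z0-9 ]+)-----\r?\n(.*?)-----END \1-----", re.S)

def pem_blocks(text):
    """Return [(label, headers)] for every PEM block found in text."""
    blocks = []
    for label, body in PEM_RE.findall(text):
        headers = {}
        for line in body.splitlines():
            if ":" in line:  # base64 never contains ':', so this is a header line
                name, _, value = line.partition(":")
                headers[name.strip()] = value.strip()
        blocks.append((label, headers))
    return blocks

def key_is_encrypted(label, headers):
    # PKCS#8 marks encryption in the label; traditional OpenSSL keys keep the
    # "RSA PRIVATE KEY" label and add "Proc-Type: 4,ENCRYPTED" plus DEK-Info.
    if label == "ENCRYPTED PRIVATE KEY":
        return True
    return "ENCRYPTED" in headers.get("Proc-Type", "")

def preflight(cert_field, key_field):
    """Return a list of problems found in the two import fields."""
    problems = []
    certs, keys = pem_blocks(cert_field), pem_blocks(key_field)
    if not certs or any(label != "CERTIFICATE" for label, _ in certs):
        problems.append("certificate field must contain only CERTIFICATE blocks")
    if len(keys) != 1 or not keys[0][0].endswith("PRIVATE KEY"):
        problems.append("key field must contain exactly one private key")
    elif key_is_encrypted(*keys[0]):
        problems.append("private key is passphrase-encrypted; decrypt it before import")
    return problems

# Constructed sample input (placeholder bodies): server cert + intermediate + root.
CHAIN = "-----BEGIN CERTIFICATE-----\nQUJD\n-----END CERTIFICATE-----\n" * 3
ENCRYPTED_KEY = ("-----BEGIN RSA PRIVATE KEY-----\n"
                 "Proc-Type: 4,ENCRYPTED\n"
                 "DEK-Info: DES-EDE3-CBC,0011223344556677\n\n"
                 "QUJD\n-----END RSA PRIVATE KEY-----\n")
PLAIN_KEY = "-----BEGIN RSA PRIVATE KEY-----\nQUJD\n-----END RSA PRIVATE KEY-----\n"

if __name__ == "__main__":
    print(preflight(CHAIN, ENCRYPTED_KEY))  # reports the encrypted key
    print(preflight(CHAIN, PLAIN_KEY))      # no problems
```

A key flagged this way can be written out without its passphrase using `openssl rsa -in encrypted.key -out plain.key` (file names are placeholders), after which the unencrypted file should be protected like any other private key.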