Wildcard SSL Reverse Proxy
Hi everyone.. I am going CRAZY!
First off, background:
1 external IP.
3 internal servers requiring https.
server1.domain.com
server2.domain.com
other.domain2.com
Have valid certs for server1.domain.com, server2.domain.com, server1.domain2.com. I realize what I am about to do does not allow for a "valid" cert for other.domain2.com.. that I don't care.
Importing valid certs for server1, server2 to pfSense certmanager, and selecting server1 as the cert to use for reverse proxy works EXACTLY how I'd expect. Browsing to https://server1.domain.com works fine. Browsing to server2, and other, produces a warning. Go figure.
We now want to bring in server3, server4.domain.com and such, and purchased a RapidSSL wildcard cert. We've successfully used this cert on 2 other servers that aren't on this pfSense. We know it works. Using the recommendations from: http://forum.pfsense.org/index.php/topic,48210.msg254283.html#msg254283
We put the cert from RapidSSL in first, then paste: https://knowledge.rapidssl.com/library/VERISIGN/ALL_OTHER/RapidSSL%20Intermediate/RapidSSL_CA_bundle.pem , then paste the bottom root CA: https://knowledge.rapidssl.com/support/ssl-certificate-support/index?page=content&id=SO20329&actp=search&viewlocale=en_US&searchid=1377833490652
We paste the RSA encrypted key in the key spot, and the cert appears to import successfully. Go to reverse proxy and select the newly updated cert, and it gives us the finger and does not allow ANY traffic to flow.. page cannot be displayed. Switch back to the imported valid server1 cert and hit refresh, and reverse proxy is working as expected..
Are we incorrect in the assumption that a wild card cert will work for this or did I screw something up?
.. I need to take my own advice and rubber duck it. http://c2.com/cgi/wiki?RubberDucking … issue was the RSA encrypted key.. all working as expected now!
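An added example, not part of the original post: a pre-import check for the two paste fields described above, assuming "RSA encrypted key" means a passphrase-protected PEM key. The function names and sample PEM text are constructed for illustration; only the PEM framing is inspected, not the key material.

```python
import re

# One PEM block: label, then optional RFC 1421 headers and the base64 body.
PEM_BLOCK = re.compile(
    r"-----BEGIN ([A-Z0-9 ]+)-----\r?\n(.*?)-----END \1-----", re.DOTALL
)

def classify_pem(text):
    """Return [(label, encrypted)] for every PEM block in text, in order."""
    blocks = []
    for label, body in PEM_BLOCK.findall(text):
        if label == "ENCRYPTED PRIVATE KEY":
            encrypted = True  # PKCS#8 encrypted key
        elif label.endswith("PRIVATE KEY"):
            # Traditional OpenSSL keys flag encryption in a Proc-Type header.
            encrypted = "Proc-Type: 4,ENCRYPTED" in body
        else:
            encrypted = False
        blocks.append((label, encrypted))
    return blocks

def import_problems(cert_field, key_field):
    """List what would make the pasted certificate/key pair unusable."""
    problems = []
    certs = classify_pem(cert_field)
    keys = classify_pem(key_field)
    if not certs or any(label != "CERTIFICATE" for label, _ in certs):
        problems.append("certificate field must contain only CERTIFICATE blocks")
    if len(keys) != 1 or not keys[0][0].endswith("PRIVATE KEY"):
        problems.append("key field must contain exactly one private key")
    elif keys[0][1]:
        problems.append("private key is passphrase-encrypted; decrypt it before import")
    return problems

# Constructed samples: bodies are placeholders, only the framing matters.
SAMPLE_CHAIN = (
    "-----BEGIN CERTIFICATE-----\nAAAA\n-----END CERTIFICATE-----\n"
    "-----BEGIN CERTIFICATE-----\nBBBB\n-----END CERTIFICATE-----\n"
)
SAMPLE_ENCRYPTED_KEY = (
    "-----BEGIN RSA PRIVATE KEY-----\n"
    "Proc-Type: 4,ENCRYPTED\n"
    "DEK-Info: AES-256-CBC,00000000000000000000000000000000\n\n"
    "AAAA\n-----END RSA PRIVATE KEY-----\n"
)
SAMPLE_PLAIN_KEY = "-----BEGIN RSA PRIVATE KEY-----\nAAAA\n-----END RSA PRIVATE KEY-----\n"

if __name__ == "__main__":
    print(import_problems(SAMPLE_CHAIN, SAMPLE_ENCRYPTED_KEY))
```

A key flagged this way has to be written back out without a passphrase (for a traditional RSA key, `openssl rsa -in encrypted.key -out plain.key`) before it goes in the key field.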