Netgate Discussion Forum
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search
    • Register
    • Login

    Wildcard SSL Reverse Proxy

    webGUI
    1
    1
    1770
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • T
      tbovingdon
      last edited by

      HI Everyone.. I am going CRAZY!

      First of background:

      1 external IP.
      3 internal servers requiring https.
      server1.domain.com
      server2.domain.com
      other.domain2.com

      have vaild certs for server1.domain.com,server2.domain.com,server1.domain2.com. I realize what i am about to do does not allow for a "valid" cert for other.domain2.com.. that i don't care.

      Importing valid certs for server1, server2 to pfsense certmanager, and selecting server1 as the cert to use for reverse proxy works EXACTLY how i'd expect, browseing to https://server1.domain.com, works fine. Browsing to server2, and other, produces a warning. go figure.

      we now want to bring server3, server4.domain.com and such purchased a rapidssl wildcardcert. we've successfully used this cert on 2 other servers that aren't on this pfsense. we know it works. Using the recommendations from : http://forum.pfsense.org/index.php/topic,48210.msg254283.html#msg254283

      We put the cert from rapidssl in first, then paste:https://knowledge.rapidssl.com/library/VERISIGN/ALL_OTHER/RapidSSL%20Intermediate/RapidSSL_CA_bundle.pem, then paste the bottom root ca :https://knowledge.rapidssl.com/support/ssl-certificate-support/index?page=content&id=SO20329&actp=search&viewlocale=en_US&searchid=1377833490652

      we paste the rsa encrypted key in the key spot, and cert appears to import successfully. GO to reverse proxy and select newly updated cert, and it gives us the finger and does not allow ANY traffic to flow.. page cannot be displayed. Switch back to the imported vaild server1 cert and hit refresh reverse proxy is working as expected..

      Are we incorrect in the assumption that a wild card cert will work for this or did I screw something up?

      .. I need to take my own advice and rubber duck it. http://c2.com/cgi/wiki?RubberDucking … issue was the RSA encrypted key.. all working as expected now!

      1 Reply Last reply Reply Quote 0
      • First post
        Last post