I am having some trouble installing my SSL certificate.
Here is the situation: I have bought a certificate for the domain client.lexcelera.com. The problem is that client.lexcelera.com is redirected to our livebox IP via a WAN connection. So when I install the certificate on our server (which is a local one), I have a certificate mismatch error.
I am using AOLserver on a CentOS 6.4 server. We are using pound to listen to the ports.
Here is the pound.cfg file:
ListenHTTP
    Address 0.0.0.0
    Port 85
End
ListenHTTPS
    Address 0.0.0.0
    Port 443
    Cert "/etc/ssl/certs/server.pem"
    Service
        HeadRequire "Host:\s*client\.lexcelera\.com.*"
        BackEnd
            Address 80.15.156.1
            Port 8000
        End
    End
End
(80.15.156.1 is the livebox IP)
I'm not sure what I'm supposed to do in this case. Any idea?
Thanks!
It sounds like pound is acting as a reverse proxy. If so, you would only install the public certificate on the server hosting pound - not on the backend server. In fact, it would be quite common to use HTTP without SSL for the backend connection.
If you do require transport security between your proxy and the backend, you should use a second self-signed certificate trusted by the proxy.
As a third but unnecessarily complicated option, you could use split-brain DNS, but such a thing would be only rarely advisable.
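
As an added example (not part of the original posts): a sketch of the name check a TLS client applies to the certificate presented on port 443, which shows why a certificate issued for client.lexcelera.com validates only when the server is reached under that name. The certificate name list and the hostname `intranet-server.example` are constructed assumptions.

```python
import ipaddress

def _is_ip(host):
    try:
        ipaddress.ip_address(host)
        return True
    except ValueError:
        return False

def dns_name_matches(pattern, host):
    """RFC 6125-style match of one certificate dNSName against the requested host."""
    p = pattern.lower().rstrip(".").split(".")
    h = host.lower().rstrip(".").split(".")
    if len(p) != len(h):
        return False  # a wildcard covers exactly one label, never several
    if p[0] == "*":
        # wildcard accepted only as the whole left-most label, with at
        # least two fixed labels after it (so "*.com" is rejected)
        return len(p) >= 3 and p[1:] == h[1:]
    # partial wildcards such as "cl*.example.com" are rejected outright
    return "*" not in pattern and p == h

def check_host(requested_host, cert_dns_names):
    """Return (ok, reason) for the host typed in the URL vs. the cert's dNSName list."""
    if _is_ip(requested_host):
        # IP literals are compared with iPAddress entries, never with DNS names
        return False, "IP literal: no dNSName can match"
    for name in cert_dns_names:
        if dns_name_matches(name, requested_host):
            return True, "matched " + name
    return False, "no dNSName covers " + requested_host

# Constructed sample: name list of a certificate issued for the page's domain
CERT_NAMES = ["client.lexcelera.com"]

if __name__ == "__main__":
    # The public name, the livebox IP from the post, and a hypothetical
    # internal hostname for the local server
    for host in ["client.lexcelera.com", "80.15.156.1", "intranet-server.example"]:
        print(host, check_host(host, CERT_NAMES))
```
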