There are three ways to configure SSL.
...
Server | FQDN | Internal IP | External IP |
---|---|---|---|
Front-End | account.mydomain.com | 10.0.0.1 | 90.100.110.120 |
Back-End Node 1 | back-end-1.mydomain.com | 10.1.0.1 | <none> |
Back-End Node 2 | back-end-2.mydomain.com | 10.1.0.2 | <none> |
In the different configuration modes, SSL certificates are configured as shown in the following table:
...
Certificate | Front-End Terminated SSL | SSL Pass-Through | Front-End Terminated SSL With Back-End SSL |
---|---|---|---|
Front-End Certificate DN | cn=account.mydomain.com | <no SSL certificate> | cn=account.mydomain.com |
Back-End Node 1 Certificate DN | <no SSL certificate> | cn=account.mydomain.com | cn=back-end-1.mydomain.com |
Back-End Node 2 Certificate DN | <no SSL certificate> | cn=account.mydomain.com | cn=back-end-2.mydomain.com |
Terminate SSL to the Reverse Proxy
...
Encrypt traffic separately between Front-End and Back-End servers.
These scripts will generate self-signed SSL certificates that use each host's IP address in the CN field.
On the Master Node, run config-wildfly-domain-cert-master.sh
...
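As an added illustration (not the project's config-wildfly-domain-cert scripts), the shell functions below create a self-signed certificate with a host's IP address in the CN field and check whether a verifier accepts it for that IP. OpenSSL matches IP addresses only against an IP subjectAltName entry, so the CN-only variant fails the check. The example assumes OpenSSL 1.1.1 or later on the PATH; the function names and output paths are hypothetical, and the IPs are the back-end addresses from the table above.

```shell
#!/bin/sh
# Added example: NOT the project's config-wildfly-domain-cert-*.sh scripts.
# Assumes OpenSSL 1.1.1+ (for -addext). Function names and paths are hypothetical.

# gen_ip_cert <ip> <outdir> [san|nosan]
# Writes <outdir>/<ip>.key and <outdir>/<ip>.crt, self-signed, subject CN=<ip>.
# In "san" mode (the default) the IP is also added as an IP subjectAltName.
gen_ip_cert() {
    ip=$1; out=$2; mode=${3:-san}
    mkdir -p "$out" || return 1
    if [ "$mode" = san ]; then
        openssl req -x509 -newkey rsa:2048 -nodes -days 365 \
            -subj "/CN=$ip" -addext "subjectAltName=IP:$ip" \
            -keyout "$out/$ip.key" -out "$out/$ip.crt" 2>/dev/null || return 1
    else
        openssl req -x509 -newkey rsa:2048 -nodes -days 365 \
            -subj "/CN=$ip" \
            -keyout "$out/$ip.key" -out "$out/$ip.crt" 2>/dev/null || return 1
    fi
    chmod 600 "$out/$ip.key"    # private key readable by its owner only
}

# cert_subject <crt>: print the certificate's subject DN.
cert_subject() {
    openssl x509 -in "$1" -noout -subject
}

# cert_matches_ip <crt> <ip>: succeed only if a verifier would accept the
# certificate for that IP address (OpenSSL compares IP SAN entries, not the CN).
cert_matches_ip() {
    openssl x509 -in "$1" -noout -checkip "$2" | grep -q "does match"
}

# Usage with the back-end IPs from the table above:
#   gen_ip_cert 10.1.0.1 ./certs && cert_matches_ip ./certs/10.1.0.1.crt 10.1.0.1
```

A certificate generated in `nosan` mode still carries the IP in its subject, but `cert_matches_ip` rejects it, which is the failure a strict TLS client reports when the front-end connects to a back-end node by IP.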