Port forwarding and SSL certificates

Support for security such as Firewalls and securing linux
logicprobe
Posts: 6
Joined: 2018/03/04 05:51:53

Port forwarding and SSL certificates

Postby logicprobe » 2018/03/07 16:26:28

Do SSL certificates work normally on a server that receives forwarded ports from a gateway?

I am setting up a server behind a gateway. The gateway will forward ports to the server. If the server has a SSL certificate but the gateway does not, will I have problems? Would https work through the forwarded port? Or will connection attempts see error messages about the certificate?

https ---> gateway (no SSL cert) ----> server (has SSL cert)

The gateway would be foo.bar.com in DNS, and the server would be the real "foo.bar.com" with the SSL certificate.

Will this work?

User avatar
avij
Forum Moderator
Posts: 2368
Joined: 2010/12/01 19:25:52
Location: Helsinki, Finland
Contact:

Re: Port forwarding and SSL certificates

Postby avij » 2018/03/07 16:36:18

https will work with forwarded ports and it does not require a certificate on the gateway.

pjsr2
Posts: 295
Joined: 2014/03/27 20:11:07

Re: Port forwarding and SSL certificates

Postby pjsr2 » 2018/03/07 17:15:56

When you use port forwarding the client still thinks that it connects to the hostname/IP address of the gateway.
So when the SSL certificate is used to verify the host name, as you do with https, the SSL certificate you serve from the server should be valid for the host name of the forwarding gateway.
https ---> gateway (no SSL cert) ----> server (has SSL cert)

Correct.