Thread Info
  • State Not Answered
  • Locked Locked
  • Replies 6 replies
  • Subscribers 1 subscriber
  • Views 6281 views
  • Users 0 members are here
Options
Suggested
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

virtual webserver using TLS/SSL and with multiple vhosts

rE3RUste
Hello,

I have been able to set up SOPHOS UTM 9 to work with a small webserver on port 80. For doing this I followed the following tutorial:

https://www.howtoforge.com/how-to-protect-your-web-server-with-sophos-utm

and 

http://www.sophos.com/en-us/support/knowledgebase/120388.aspx

I am now trying to set allow my apache vhosts to be exposed onto the internet however I have a few questions I wanted to ask you first:

When adding a new virtual webserver (for port 443) should I pick "Type Encrypted"? If I do so then why do I need to select a certificate there? I already generated a self signed cirtificate on my server so why do I need one there too? If that is the case then I would have a certificate for multiple different domains? 

How can I make this work with apache vhosts? 

If anyone has got this to work please let me know.
Thank you
George


This thread was automatically locked due to age.
Parents
  • 0
    George, there are reasons to avoid creating a DNAT on port 443, so you will want to use Webserver Protection (reverseproxy) for this.  Just add the certificates in 'Certificate Management' for the domains using https that are hosted on your web server, create the HTTPS Virtual Servers and associate the correct certificate to each one.

    Another point is that you can just use the UTM to do the HTTPS with the outside world and use a non-SSL connection between the UTM and the web server.

    Cheers - Bob
     
    Sophos UTM Community Moderator
    Sophos Certified Architect - UTM
    Sophos Certified Engineer - XG
    Gold Solution Partner since 2005
    MediaSoft, Inc. USA
Reply
  • 0
    George, there are reasons to avoid creating a DNAT on port 443, so you will want to use Webserver Protection (reverseproxy) for this.  Just add the certificates in 'Certificate Management' for the domains using https that are hosted on your web server, create the HTTPS Virtual Servers and associate the correct certificate to each one.

    Another point is that you can just use the UTM to do the HTTPS with the outside world and use a non-SSL connection between the UTM and the web server.

    Cheers - Bob
     
    Sophos UTM Community Moderator
    Sophos Certified Architect - UTM
    Sophos Certified Engineer - XG
    Gold Solution Partner since 2005
    MediaSoft, Inc. USA
Children
No Data
Unfiltered HTML