Reverse Proxy - Dealing with Certificates



Dealing with Reverse Proxy certificates on Windows Server

Because certificate renewal doesn´t work on Windows Server automatically behind the Reverse Proxy, you have to do it manually every 90 days. Reason for this not functioning is the assignment of ports 80 and 443 to the Reverse Proxy in the router. The renewal works on the Reverse Proxy as written above. So we only have to transport copies of the certificates for the domains to their locations inside the applications (here Windows Home Server 2011 and IceWarp Server).

To do this you can´t use the drag and drop function of WinSCP, which would be the easiest way, because of the access restrictions on the Reverse Proxy. We have to do it manually  on the Reverse Proxy. We copy the certificate files to a folder without access rights restrictions. After that we can use drag and drop using WinSCP.

The screen copies above show the transport of the certificate for domain You have to repeat this for domain too.


Dealing with Windows Server certificates on Reverse Proxy

Microsoft Windows Server uses built-in certificates for SSL and inside domain controller in pfx-format. This certificate has to be copied to Reverse Proxy and then to be made useful for NGINX. First you have to open the IIS Manager: