You are viewing a plain text version of this content. The canonical link for it is here.
Posted to users@httpd.apache.org by Jeroen Verhoeckx <j....@protonmail.com.INVALID> on 2022/01/12 14:38:04 UTC
[users@httpd] Is it possible to install/configure SSL certificates on a server behind a reverse proxy?
Hello Apache specialist :-),
Last couple of months [I set up a server with two virtual machines](https://jeroenverhoeckx.com/build-your-own-personal-cloud.html). To reach those virtual machines I set up a reverse proxy and I configured the SSL certificates on the host.
My question:
Would it have been possible to install the SSL certificates in the virtual machines?
As far as I know, no, because then the reverse proxy can be seen as a 'man in the middle attack'.
This is why I configured the SSL certificates on the host, and as far as I know this is also how it should be (after reading some articles about it on the internet).
I do however also found the Apache directive [SSLProxyEngine](https://httpd.apache.org/docs/2.2/mod/mod_ssl.html#SSLProxyEngine). Is it possible with this directive the install/configure the SSL certificates inside the virtual machines?
I'm curious :-)!
Yours sincerely,
Jeroen Verhoeckx
--------------------------------------------------------
Support the independent web, use [Firefox](https://www.mozilla.org/en-US/firefox/new/)
Re: [users@httpd] Is it possible to install/configure SSL certificates on a server behind a reverse proxy?
Posted by Jeroen Verhoeckx <j....@protonmail.com.INVALID>.
Hello Jim,
Thanks for the warning!
In my case the HTTP traffic is only between the reverse proxy and a virtual machine running on the same host.
With my knowledge the traffic can only be intercepted when someone breaks into my system. It's a personal cloud service and I don't think many people are interested in it.
I'm talking about this set-up:
https://jeroenverhoeckx.com/build-your-own-personal-cloud.html
So, I think I'm relatively safe :-) .
Jeroen
--------------------------------------------------------
Support the independent web, use [Firefox](https://www.mozilla.org/en-US/firefox/new/)
‐‐‐‐‐‐‐ Original Message ‐‐‐‐‐‐‐
On Thursday, January 13th, 2022 at 11:34 PM, Jim Albert <ji...@netrition.com> wrote:
> With regard to:
> reverse proxy --> HTTP --> back-end server
> and in respect to the sensitivity of your requests and responses, you might want to consider any security implications or if this violates any compliance requirements depending on the proximity of your proxy to your back-end server. It's likely the proxy -> back-end server stays within a very tight environment. However, that request and response is traveling some segment of network whether physical or virtual and likely only yours, unencrypted or perhaps protected at most by VPN encryption.
>
> On 1/13/2022 5:05 PM, Jeroen Verhoeckx wrote:
>
>> Hello Dino / HTH,
>>
>> Thank you for your very elaborate answer!!
>>
>> Your 'diagram' made it very clear!
>> Clients --> INTERNET --> Apache httpd reverse proxy (answer to HTTPS requests made by your clients) --> Your internal backend(s) (answer to HTTPS requests coming from your proxy).
>>
>> It's also good to know that I set-up my reverse proxy in the correct way (only installing the SSL certificates on the reverse proxy).
>> My set-up is: Clients --> HTTPS - -> reverse proxy --> HTTP --> back-end server
>>
>> There is no need in my set-up to use HTTPS between the reverse proxy and the back-end server.
>>
>> Thanks for clarification!
>>
>> Jeroen
>>
>> --------------------------------------------------------
>> Support the independent web, use [Firefox](https://www.mozilla.org/en-US/firefox/new/)
>>
>> ‐‐‐‐‐‐‐ Original Message ‐‐‐‐‐‐‐
>> On Thursday, January 13th, 2022 at 7:15 PM, Dino Ciuffetti [<di...@tuxweb.it>](mailto:dino@tuxweb.it) wrote:
>>
>>> Apache httpd works at layer 7 (HTTP/HTTPS).
>>> You CANNOT have a reverse proxy at layer 4 with apache httpd where the X509 certificates are only needed on your backends (like HAProxy does).
>>>
>>> Clients --> INTERNET --> Apache httpd reverse proxy (answer to HTTPS requests made by your clients) --> Your internal backend(s) (answer to HTTPS requests coming from your proxy).
>>>
>>> The traffic between your internet clients and apache httpd is protected via TLS protocol (HTTPS) so you need a X509 certificate and its private key on your httpd public facing reverse proxy virtual host to terminate TLS internet traffic to your reverse proxy.
>>>
>>> If you also want your reverse proxy to talk to your internal backend(s) via HTTPS you also need a X509 certificate and private key on your HTTPS backend servers.
>>>
>>> RECAP: You will need a certificate released by a public (known to all major browsers) Certification Authority for your reverse proxy and a certificate released by a private Certification Authority (only known by your proxy and your backends) on your backends. You could even use self signed certificates on your private side, or mantain a private CA by yourself via openssl.
>>>
>>> HTH
>>>
>>> 13 gennaio 2022 12:58, "Jeroen Verhoeckx" <[j...@protonmail.com.invalid>)> wrote:
>>>
>>>> Thanks, great to know that it is possible!
>>>>
>>>> You write that you need to install the SSL certificates on both the reverse proxy and in the virtual machine (or another local server)?
>>>> Is that really necessary? I try to avoid duplication whenever that is possible.
>>>>
>>>> Do you have an example set-up somewhere?
>>>>
>>>> Thanks!!
>>>>
>>>> --------------------------------------------------------
>>>> Support the independent web, use [Firefox](https://www.mozilla.org/en-US/firefox/new/)
>>>>
>>>> ‐‐‐‐‐‐‐ Original Message ‐‐‐‐‐‐‐
>>>> On Wednesday, January 12th, 2022 at 5:23 PM, Dino Ciuffetti <di...@tuxweb.it> wrote:
>>>>
>>>>>> My question:
>>>>>> Would it have been possible to install the SSL certificates in the virtual machines?
>>>>>
>>>>> YES. It's possibile to send Internet HTTPS traffic to an internal HTTPS service behind apache httpd as a reverse proxy.
>>>>> You eventally need to install same SSL certificates (but you don't have to necessarily) on both the reverse proxy and the internal service, enable SSLProxyProtol on your VHs and send the traffic to HTTPS via your ProxyPass.
Re: [users@httpd] Is it possible to install/configure SSL certificates on a server behind a reverse proxy?
Posted by Jim Albert <ji...@netrition.com>.
With regard to:
reverse proxy --> HTTP --> back-end server
and in respect to the sensitivity of your requests and responses, you
might want to consider any security implications or if this violates any
compliance requirements depending on the proximity of your proxy to your
back-end server. It's likely the proxy -> back-end server stays within a
very tight environment. However, that request and response is traveling
some segment of network whether physical or virtual and likely only
yours, unencrypted or perhaps protected at most by VPN encryption.
On 1/13/2022 5:05 PM, Jeroen Verhoeckx wrote:
> Hello Dino / HTH,
>
> Thank you for your very elaborate answer!!
>
> Your 'diagram' made it very clear!
> Clients --> INTERNET --> Apache httpd reverse proxy (answer to HTTPS
> requests made by your clients) --> Your internal backend(s) (answer to
> HTTPS requests coming from your proxy).
>
> It's also good to know that I set-up my reverse proxy in the correct
> way (only installing the SSL certificates on the reverse proxy).
> My set-up is: Clients --> HTTPS - -> reverse proxy --> HTTP -->
> back-end server
>
> There is no need in my set-up to use HTTPS between the reverse proxy
> and the back-end server.
>
> Thanks for clarification!
>
>
> Jeroen
>
> --------------------------------------------------------
> /Support the independent web, use //Firefox/
> <https://www.mozilla.org/en-US/firefox/new/>
>
>
>
> ‐‐‐‐‐‐‐ Original Message ‐‐‐‐‐‐‐
> On Thursday, January 13th, 2022 at 7:15 PM, Dino Ciuffetti
> <di...@tuxweb.it> wrote:
>
>> Apache httpd works at layer 7 (HTTP/HTTPS).
>> You CANNOT have a reverse proxy at layer 4 with apache httpd where
>> the X509 certificates are only needed on your backends (like HAProxy
>> does).
>>
>> Clients --> INTERNET --> Apache httpd reverse proxy (answer to HTTPS
>> requests made by your clients) --> Your internal backend(s) (answer
>> to HTTPS requests coming from your proxy).
>>
>> The traffic between your internet clients and apache httpd is
>> protected via TLS protocol (HTTPS) so you need a X509 certificate and
>> its private key on your httpd public facing reverse proxy virtual
>> host to terminate TLS internet traffic to your reverse proxy.
>>
>> If you also want your reverse proxy to talk to your internal
>> backend(s) via HTTPS you also need a X509 certificate and private key
>> on your HTTPS backend servers.
>>
>> RECAP: You will need a certificate released by a public (known to all
>> major browsers) Certification Authority for your reverse proxy and a
>> certificate released by a private Certification Authority (only known
>> by your proxy and your backends) on your backends. You could even use
>> self signed certificates on your private side, or mantain a private
>> CA by yourself via openssl.
>>
>> HTH
>>
>>
>>
>> 13 gennaio 2022 12:58, "Jeroen Verhoeckx"
>> <j.verhoeckx@protonmail.com.invalid
>> <ma...@protonmail.com.invalid>>>
>> wrote:
>>
>> Thanks, great to know that it is possible!
>>
>> You write that you need to install the SSL certificates on both
>> the reverse proxy and in the virtual machine (or another local
>> server)?
>> Is that really necessary? I try to avoid duplication whenever
>> that is possible.
>>
>> Do you have an example set-up somewhere?
>>
>> Thanks!!
>>
>>
>>
>> --------------------------------------------------------
>> /Support the independent web, use //Firefox/
>> <https://www.mozilla.org/en-US/firefox/new/>
>>
>>
>>
>>
>> ‐‐‐‐‐‐‐ Original Message ‐‐‐‐‐‐‐
>> On Wednesday, January 12th, 2022 at 5:23 PM, Dino Ciuffetti
>> <di...@tuxweb.it> wrote:
>>
>>> My question:
>>> /Would it have been possible to install the SSL certificates
>>> in the virtual machines?/
>>>
>>>
>>> YES. It's possibile to send Internet HTTPS traffic to an
>>> internal HTTPS service behind apache httpd as a reverse proxy.
>>> You eventally need to install same SSL certificates (but you
>>> don't have to necessarily) on both the reverse proxy and the
>>> internal service, enable SSLProxyProtol on your VHs and send the
>>> traffic to HTTPS via your ProxyPass.
>>
>>
>
Re: [users@httpd] Is it possible to install/configure SSL certificates on a server behind a reverse proxy?
Posted by Jeroen Verhoeckx <j....@protonmail.com.INVALID>.
Hello Dino / HTH,
Thank you for your very elaborate answer!!
Your 'diagram' made it very clear!
Clients --> INTERNET --> Apache httpd reverse proxy (answer to HTTPS requests made by your clients) --> Your internal backend(s) (answer to HTTPS requests coming from your proxy).
It's also good to know that I set-up my reverse proxy in the correct way (only installing the SSL certificates on the reverse proxy).
My set-up is: Clients --> HTTPS - -> reverse proxy --> HTTP --> back-end server
There is no need in my set-up to use HTTPS between the reverse proxy and the back-end server.
Thanks for clarification!
Jeroen
--------------------------------------------------------
Support the independent web, use [Firefox](https://www.mozilla.org/en-US/firefox/new/)
‐‐‐‐‐‐‐ Original Message ‐‐‐‐‐‐‐
On Thursday, January 13th, 2022 at 7:15 PM, Dino Ciuffetti <di...@tuxweb.it> wrote:
> Apache httpd works at layer 7 (HTTP/HTTPS).
> You CANNOT have a reverse proxy at layer 4 with apache httpd where the X509 certificates are only needed on your backends (like HAProxy does).
>
> Clients --> INTERNET --> Apache httpd reverse proxy (answer to HTTPS requests made by your clients) --> Your internal backend(s) (answer to HTTPS requests coming from your proxy).
>
> The traffic between your internet clients and apache httpd is protected via TLS protocol (HTTPS) so you need a X509 certificate and its private key on your httpd public facing reverse proxy virtual host to terminate TLS internet traffic to your reverse proxy.
>
> If you also want your reverse proxy to talk to your internal backend(s) via HTTPS you also need a X509 certificate and private key on your HTTPS backend servers.
>
> RECAP: You will need a certificate released by a public (known to all major browsers) Certification Authority for your reverse proxy and a certificate released by a private Certification Authority (only known by your proxy and your backends) on your backends. You could even use self signed certificates on your private side, or mantain a private CA by yourself via openssl.
>
> HTH
>
> 13 gennaio 2022 12:58, "Jeroen Verhoeckx" <[j...@protonmail.com.invalid>)> wrote:
>
>> Thanks, great to know that it is possible!
>>
>> You write that you need to install the SSL certificates on both the reverse proxy and in the virtual machine (or another local server)?
>> Is that really necessary? I try to avoid duplication whenever that is possible.
>>
>> Do you have an example set-up somewhere?
>>
>> Thanks!!
>>
>> --------------------------------------------------------
>> Support the independent web, use [Firefox](https://www.mozilla.org/en-US/firefox/new/)
>>
>> ‐‐‐‐‐‐‐ Original Message ‐‐‐‐‐‐‐
>> On Wednesday, January 12th, 2022 at 5:23 PM, Dino Ciuffetti <di...@tuxweb.it> wrote:
>>
>>>> My question:
>>>> Would it have been possible to install the SSL certificates in the virtual machines?
>>>
>>> YES. It's possibile to send Internet HTTPS traffic to an internal HTTPS service behind apache httpd as a reverse proxy.
>>> You eventally need to install same SSL certificates (but you don't have to necessarily) on both the reverse proxy and the internal service, enable SSLProxyProtol on your VHs and send the traffic to HTTPS via your ProxyPass.
Re: [users@httpd] Is it possible to install/configure SSL certificates on a server behind a reverse proxy?
Posted by Dino Ciuffetti <di...@tuxweb.it>.
Apache httpd works at layer 7 (HTTP/HTTPS).
You CANNOT have a reverse proxy at layer 4 with apache httpd where the X509 certificates are only needed on your backends (like HAProxy does).
Clients --> INTERNET --> Apache httpd reverse proxy (answer to HTTPS requests made by your clients) --> Your internal backend(s) (answer to HTTPS requests coming from your proxy).
The traffic between your internet clients and apache httpd is protected via TLS protocol (HTTPS) so you need a X509 certificate and its private key on your httpd public facing reverse proxy virtual host to terminate TLS internet traffic to your reverse proxy.
If you also want your reverse proxy to talk to your internal backend(s) via HTTPS you also need a X509 certificate and private key on your HTTPS backend servers.
RECAP: You will need a certificate released by a public (known to all major browsers) Certification Authority for your reverse proxy and a certificate released by a private Certification Authority (only known by your proxy and your backends) on your backends. You could even use self signed certificates on your private side, or mantain a private CA by yourself via openssl.
HTH
13 gennaio 2022 12:58, "Jeroen Verhoeckx" <j.verhoeckx@protonmail.com.invalid (mailto:j.verhoeckx@protonmail.com.invalid?to=%22Jeroen%20Verhoeckx%22%20<j....@protonmail.com.invalid>)> wrote:
Thanks, great to know that it is possible!You write that you need to install the SSL certificates on both the reverse proxy and in the virtual machine (or another local server)?Is that really necessary? I try to avoid duplication whenever that is possible.Do you have an example set-up somewhere?Thanks!!
--------------------------------------------------------
Support the independent web, use Firefox (https://www.mozilla.org/en-US/firefox/new/)
‐‐‐‐‐‐‐ Original Message ‐‐‐‐‐‐‐
On Wednesday, January 12th, 2022 at 5:23 PM, Dino Ciuffetti <dino@tuxweb.it (mailto:dino@tuxweb.it)> wrote:
My question:Would it have been possible to install the SSL certificates in the virtual machines?
YES. It's possibile to send Internet HTTPS traffic to an internal HTTPS service behind apache httpd as a reverse proxy.
You eventally need to install same SSL certificates (but you don't have to necessarily) on both the reverse proxy and the internal service, enable SSLProxyProtol on your VHs and send the traffic to HTTPS via your ProxyPass.
Re: [users@httpd] Is it possible to install/configure SSL certificates on a server behind a reverse proxy?
Posted by Jeroen Verhoeckx <j....@protonmail.com.INVALID>.
Hello Jim,
Thanks for your answer / clarification!
It's now clear to me! And it's good to know that I set-up my servers correctly :-)!
Jeroen
--------------------------------------------------------
Support the independent web, use [Firefox](https://www.mozilla.org/en-US/firefox/new/)
‐‐‐‐‐‐‐ Original Message ‐‐‐‐‐‐‐
On Thursday, January 13th, 2022 at 8:57 PM, Jim Albert <ji...@netrition.com> wrote:
> You absolutely want SSL certificates installed on your public facing proxy... signed by a well trusted CA if you want the rest of the world to trust your proxy.
> If you want your proxy to communicate encrypted to your back end/private web server then you need an SSL certificate on the back end.
> Only your proxy needs to trust your back end/private web server so the back end would be fine with either self signed or signed by your own CA and have the proxy trust either.
>
> Depending on how your public SSL certificate is configured or if the proxy will ignore any warnings on a mismatched CN/Subject Alternate Names you could use it for both.
>
> On 1/13/2022 6:58 AM, Jeroen Verhoeckx wrote:
>
>> Thanks, great to know that it is possible!
>>
>> You write that you need to install the SSL certificates on both the reverse proxy and in the virtual machine (or another local server)?
>> Is that really necessary? I try to avoid duplication whenever that is possible.
>>
>> Do you have an example set-up somewhere?
>>
>> Thanks!!
>>
>> --------------------------------------------------------
>> Support the independent web, use [Firefox](https://www.mozilla.org/en-US/firefox/new/)
>>
>> ‐‐‐‐‐‐‐ Original Message ‐‐‐‐‐‐‐
>> On Wednesday, January 12th, 2022 at 5:23 PM, Dino Ciuffetti [<di...@tuxweb.it>](mailto:dino@tuxweb.it) wrote:
>>
>>>> My question:
>>>> Would it have been possible to install the SSL certificates in the virtual machines?
>>>
>>> YES. It's possibile to send Internet HTTPS traffic to an internal HTTPS service behind apache httpd as a reverse proxy.
>>> You eventally need to install same SSL certificates (but you don't have to necessarily) on both the reverse proxy and the internal service, enable SSLProxyProtol on your VHs and send the traffic to HTTPS via your ProxyPass.
>
> --
> Jim Albert
Re: [users@httpd] Is it possible to install/configure SSL certificates on a server behind a reverse proxy?
Posted by Jim Albert <ji...@netrition.com>.
You absolutely want SSL certificates installed on your public facing
proxy... signed by a well trusted CA if you want the rest of the world
to trust your proxy.
If you want your proxy to communicate encrypted to your back end/private
web server then you need an SSL certificate on the back end.
Only your proxy needs to trust your back end/private web server so the
back end would be fine with either self signed or signed by your own CA
and have the proxy trust either.
Depending on how your public SSL certificate is configured or if the
proxy will ignore any warnings on a mismatched CN/Subject Alternate
Names you could use it for both.
On 1/13/2022 6:58 AM, Jeroen Verhoeckx wrote:
> Thanks, great to know that it is possible!
>
> You write that you need to install the SSL certificates on both the
> reverse proxy and in the virtual machine (or another local server)?
> Is that really necessary? I try to avoid duplication whenever that is
> possible.
>
> Do you have an example set-up somewhere?
>
> Thanks!!
>
>
>
> --------------------------------------------------------
> /Support the independent web, use //Firefox/
> <https://www.mozilla.org/en-US/firefox/new/>
>
>
>
> ‐‐‐‐‐‐‐ Original Message ‐‐‐‐‐‐‐
> On Wednesday, January 12th, 2022 at 5:23 PM, Dino Ciuffetti
> <di...@tuxweb.it> wrote:
>
>> My question:
>> /Would it have been possible to install the SSL certificates in
>> the virtual machines?/
>>
>>
>> YES. It's possibile to send Internet HTTPS traffic to an internal
>> HTTPS service behind apache httpd as a reverse proxy.
>> You eventally need to install same SSL certificates (but you don't
>> have to necessarily) on both the reverse proxy and the internal
>> service, enable SSLProxyProtol on your VHs and send the traffic to
>> HTTPS via your ProxyPass.
>
--
Jim Albert
Re: [users@httpd] Is it possible to install/configure SSL certificates on a server behind a reverse proxy?
Posted by Jeroen Verhoeckx <j....@protonmail.com.INVALID>.
Thanks, great to know that it is possible!
You write that you need to install the SSL certificates on both the reverse proxy and in the virtual machine (or another local server)?
Is that really necessary? I try to avoid duplication whenever that is possible.
Do you have an example set-up somewhere?
Thanks!!
--------------------------------------------------------
Support the independent web, use [Firefox](https://www.mozilla.org/en-US/firefox/new/)
‐‐‐‐‐‐‐ Original Message ‐‐‐‐‐‐‐
On Wednesday, January 12th, 2022 at 5:23 PM, Dino Ciuffetti <di...@tuxweb.it> wrote:
>> My question:
>> Would it have been possible to install the SSL certificates in the virtual machines?
>
> YES. It's possibile to send Internet HTTPS traffic to an internal HTTPS service behind apache httpd as a reverse proxy.
> You eventally need to install same SSL certificates (but you don't have to necessarily) on both the reverse proxy and the internal service, enable SSLProxyProtol on your VHs and send the traffic to HTTPS via your ProxyPass.
Re: [users@httpd] Is it possible to install/configure SSL certificates on a server behind a reverse proxy?
Posted by Dino Ciuffetti <di...@tuxweb.it>.
My question:Would it have been possible to install the SSL certificates in the virtual machines?
YES. It's possibile to send Internet HTTPS traffic to an internal HTTPS service behind apache httpd as a reverse proxy.
You eventally need to install same SSL certificates (but you don't have to necessarily) on both the reverse proxy and the internal service, enable SSLProxyProtol on your VHs and send the traffic to HTTPS via your ProxyPass.
RE: [users@httpd] Is it possible to install/configure SSL certificates on a server behind a reverse proxy?
Posted by Jeroen Verhoeckx <j....@protonmail.com.INVALID>.
Ah, thanks, so it is possible!
I thought it wasn't possible (but hoped it would be) because the reverse proxy could be seen as a 'man in the middle attach'.
But great to know that it is possible!
What is the minimal configuration for such a setup?
You need the directives ProxyPass, ProxyPassReverse and ProxyPreserveHost?
Is the directive SSLProxyEngine also necessary?
--------------------------------------------------------
Support the independent web, use Firefox
‐‐‐‐‐‐‐ Original Message ‐‐‐‐‐‐‐
On Wednesday, January 12th, 2022 at 4:47 PM, Marc <Ma...@f1-outsourcing.eu> wrote:
> You can just do that. I have also certs behind a reverse proxy. My whole 'virtual/internal' applications in containers is running with my own CA certificates and on the reverse proxy I have some certs from known CA's
>
> Specific for this setup is a proxy protocol, that informs the public ip addresses instead of local ones.
>
> Best is it to ask on something like the haproxy community.
>
> > My question:
> >
> > Would it have been possible to install the SSL certificates in the virtual
> >
> > machines?
> >
> > As far as I know, no, because then the reverse proxy can be seen as a 'man
> >
> > in the middle attack'.
> >
> > This is why I configured the SSL certificates on the host, and as far as I
> >
> > know this is also how it should be (after reading some articles about it
> >
> > on the internet).
> >
> > I do however also found the Apache directive SSLProxyEngine
> >
> > https://httpd.apache.org/docs/2.2/mod/mod_ssl.html#SSLProxyEngine . Is
> >
> > it possible with this directive the install/configure the SSL certificates
> >
> > inside the virtual machines?
> >
> > I'm curious :-)!
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org
RE: [users@httpd] Is it possible to install/configure SSL certificates on a server behind a reverse proxy?
Posted by Marc <Ma...@f1-outsourcing.eu>.
You can just do that. I have also certs behind a reverse proxy. My whole 'virtual/internal' applications in containers is running with my own CA certificates and on the reverse proxy I have some certs from known CA's
Specific for this setup is a proxy protocol, that informs the public ip addresses instead of local ones.
Best is it to ask on something like the haproxy community.
> My question:
>
> Would it have been possible to install the SSL certificates in the virtual
> machines?
>
>
> As far as I know, no, because then the reverse proxy can be seen as a 'man
> in the middle attack'.
>
> This is why I configured the SSL certificates on the host, and as far as I
> know this is also how it should be (after reading some articles about it
> on the internet).
>
>
> I do however also found the Apache directive SSLProxyEngine
> <https://httpd.apache.org/docs/2.2/mod/mod_ssl.html#SSLProxyEngine> . Is
> it possible with this directive the install/configure the SSL certificates
> inside the virtual machines?
>
>
> I'm curious :-)!
>