1
votes

So I want to set up a payment server with Hibiscus (https://www.willuhn.de/products/hibiscus-server/) and make the connection encrypted with a trusted certificate. Hibiscus is basically a Java servlet which creates its own self-signed SSL certificate, which according to the author cannot be replaced with another SSL certificate because the private key is used to encrypt other things.

So my idea is: set up nginx with a proxy from port 443 to Hibiscus's port 8080, tell nginx to trust the certificate of Hibiscus, and encrypt nginx's 443 with a Let's Encrypt cert. nginx would need to unpack the secure content from Hibiscus and then repack it as its own content, right?

Does anyone know if this is possible and how?

All help is much appreciated.

1
Did you find a solution for this? I am currently running into the same problem ... – aurora
Well, I finally figured out how to give a Let's Encrypt cert to the insecure service. So I only avoided the problem, sorry. – Jonas Kreusch

1 Answer

0
votes

It's not secure. A self-signed certificate is not trusted by all of the browsers since the certificate is not signed by any trusted CA, which means the user may suffer from a man-in-the-middle attack. Consider what will happen if I also make a payment server and publish my self-signed certificate? The user agent cannot distinguish which one is real at all.
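
The setup the question describes (nginx terminating TLS on 443 with a Let's Encrypt certificate and re-encrypting to Hibiscus on 8080 while trusting only its self-signed certificate) can be sketched as the nginx configuration below. This is an added example, not part of the original posts or of Hibiscus; the hostname `pay.example.com`, the pinned-certificate path, the backend certificate name `hibiscus.local`, and the assumption that the Hibiscus certificate has been exported to PEM are all placeholders.

```nginx
# Added example. Hostname, file paths and the backend certificate name
# are assumptions; adjust them to the actual installation.
server {
    listen 443 ssl;
    server_name pay.example.com;   # placeholder public hostname

    # Publicly trusted certificate presented to browsers
    # (certbot's default directory layout).
    ssl_certificate     /etc/letsencrypt/live/pay.example.com/fullchain.pem;
    ssl_certificate_key /etc/letsencrypt/live/pay.example.com/privkey.pem;

    location / {
        # nginx decrypts the client connection and opens a second,
        # separate TLS connection to the backend.
        proxy_pass https://127.0.0.1:8080;

        # Upstream certificate verification is OFF by default in nginx:
        # without the next two directives any certificate on port 8080
        # would be accepted. The trusted file contains only the exported
        # self-signed backend certificate (hypothetical path).
        proxy_ssl_trusted_certificate /etc/nginx/upstream/hibiscus.pem;
        proxy_ssl_verify on;

        # Name checked against the CN/SAN of the backend certificate
        # (assumed value; it must match what that certificate contains).
        proxy_ssl_name hibiscus.local;

        # Pass the original request context to the backend.
        proxy_set_header Host              $host;
        proxy_set_header X-Forwarded-For   $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto https;
    }
}
```

With this layout browsers only ever see the Let's Encrypt certificate; the self-signed certificate is used solely on the nginx-to-backend hop, so port 8080 should not be reachable from outside the host.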