<div dir="ltr"> If you're using nginx as a reverse proxy you'll want a cert set up on that node. Without it, worst case is your link between the proxy and the IIS server is secure but your link between the remote client and the proxy will be insecure defeating the whole purpose. Best case is an error will be thrown to the remote client either for a protocol mismatch or being unable to connect to 443 after a forced reconnection. At least in the latter case you wouldn't be leaking data over the wire.<div> If you're using SSL between the proxy and IIS you don't need the IIS server certificate's private key. nginx just needs to be able to verify the certificate chain as legitimate.</div><div><br></div></div><div class="gmail_extra"><br clear="all"><div><div class="gmail_signature"><div dir="ltr"><b style="color:rgb(25,25,25)"><div style="color:rgb(0,0,0);font-weight:normal"><b style="color:rgb(25,25,25)"><font face="Lucida Grande" size="1"><div style="color:rgb(0,0,0);font-weight:normal"><span style="color:rgb(25,25,25);font-weight:bold">__________________</span></div><div style="color:rgb(0,0,0);font-weight:normal"><div style="margin:0px"><font color="#191919"><b><br></b></font></div><div style="margin:0px"><font color="#191919"><b>Scott Larson</b></font></div><div style="margin:0px"><div style="margin:0px"><font color="#007EFD"><span style="color:rgb(0,0,0)"><div style="margin:0px"><font color="#191919"><b><div style="margin:0px;font-weight:normal;color:rgb(120,120,120)"><span style="color:rgb(25,25,25)"><b><div style="margin:0px;font-weight:normal;color:rgb(120,120,120)">Systems Administrator</div></b></span></div><div style="margin:0px;font-weight:normal;min-height:8px"><br></div><div style="margin:0px;font-weight:normal"><b>Wiredrive/LA</b></div><div style="margin:0px;font-weight:normal"><a value="+13108238238" style="color:rgb(17,85,204)">310 823 8238 ext. 1106</a></div><div style="margin:0px;font-weight:normal"><a value="+13109432078" style="color:rgb(17,85,204)">310 943 2078</a> fax</div></b></font></div><div style="margin:0px"><font color="#2498FC"><a href="http://www.wiredrive.com/" style="color:rgb(17,85,204)" target="_blank">www.wiredrive.com</a></font></div><div style="margin:0px"><font color="#2498FC"><span style="color:rgb(0,0,0)"><div style="margin:0px;color:rgb(120,120,120)"><div style="margin:0px"><a href="http://www.twitter.com/wiredrive" style="color:rgb(17,85,204)" target="_blank"><font color="#2498FC">www.twitter.com/wiredrive</font></a></div><div style="margin:0px"><font color="#2498FC"><a href="http://www.wiredrive.com/facebook" style="color:rgb(17,85,204)" target="_blank">www.facebook.com/wiredrive</a></font></div></div></span></font></div></span></font></div></div></div></font></b></div></b></div></div></div>
<br><div class="gmail_quote">On Mon, Dec 29, 2014 at 11:36 AM, Peter Fraser <span dir="ltr"><<a href="mailto:petros.fraser@gmail.com" target="_blank">petros.fraser@gmail.com</a>></span> wrote:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><div dir="ltr"><div><div><div><div>Hi All<br></div>I am very new to nginx and am currently doing a lot of reading but would just love to have a nudge in the right direction<br><br></div>I want to set up nginx as a reverse proxy for about three IIS servers behind a firewall.<br></div>One of them is a public web server that handles secure logins. It is configured with a certificate signed by a CA. Do I need to import the web server's private key on to the nginx box or is this something I don't need to worry about?<br><br></div>Regards.<br></div>
<br>_______________________________________________<br>
nginx mailing list<br>
<a href="mailto:nginx@nginx.org">nginx@nginx.org</a><br>
<a href="http://mailman.nginx.org/mailman/listinfo/nginx" target="_blank">http://mailman.nginx.org/mailman/listinfo/nginx</a><br></blockquote></div><br></div>