Hi Everyone,
I have a question regarding SSL certificate setup.
I currently have an environment for a public-facing SharePoint web application which has the following setup:
Public Cloud > 2 x Load Balancers > 2 x Reverse Proxy Servers (WAP) > Windows Load Balancer > 2 x SharePoint Web Servers
(Firewall excluded for simplicity)
I would need to purchase a public SSL certificate for this web application. Requests to the Reverse Proxy servers must be HTTPS and requests to SharePoint Web Servers must be HTTPS (as I am using high-trust SharePoint Apps/Add-ins). Only 1 URL (e.g. app.contoso.com) is required to be secured.
I am not looking at self-signed certificates due to the nature of browser warnings but could explore issuing internal CA certificates as well.
My questions are:
- How many SSL certificates and licenses do I need to purchase? Since it's only 1 URL, I would assume only 1 cert needs to be purchased but with multiple licenses for each server I am installing the certificate to.
- Where do I install these certificates? Reverse Proxy as well as Web Servers?
- Can I use public SSL certs on the Reverse Proxy and use internal CA-issued certs on the Web Servers? Would users have any issue with browser SSL warnings if I do that?
Thank you in advance for your help on this.









