HTTPS in Rest Architecture

3

I have a web service written using SpringBoot running on Tomcat and a client application written in AngularJS running on Apache2. I would like to know how the SSL issue works for this case. Should SSL be configured on Tomcat and Apache2? If so, can I use the same certificate (both applications are on the same host)? My need is beyond the security itself to have the site in HTTPS. Thank you very much in advance.

    
asked by anonymous 14.02.2017 / 11:52

1 answer

3

Yes, you can use the same certificate as long as:

  • Use a domain certificate ( *.dominio.com.br ), which is generally not recommended for security reasons, or
  • A certificate with a list of multiple alternate target names - Multiple Subject Alternative Names, or multiple SANs - ( api.dominio.com.br and app.dominio.com.br , for example): > link

You will also need to consider CORS, as communication will take place between sub-domains.

    
14.02.2017 / 17:08