How to buy and fasten an SSL certificate for samopisnogo REST service?

Good day!

Faced with the problem.
I have a frontend(Java, Spring) and backend(angular 4).
I need to add HTTPS to all.
I added an SSL certificate for the front-end, but I also need to add the certificate to the backend.

And here is the question - how do I buy a certificate for the backend?
After all, when you purchase certificates, you will need to confirm or domain, or something else...and I have hand REST server, which revolve on a rented virtual server.
April 4th 20 at 00:38
2 answers
April 4th 20 at 00:40
Solution
1. why do you need ssl in your sandbox, you rock CPU cycles is not clear why.
2. release your own certificate and sign their services.

Configuring a trust chain reviews purely in your hands. However, you can get a wilcard certificate, and to resolve access on the firewall level or at the level of the application to allow or disallow access from a specific host and port
@shannon_Krajcik41 , thanks for Your answer!
The fact is that, as I understand it, the browser checks the signature not only of the certificate of the frontend, but it is important what certificate is used when accessing this frontend to the server.
I originally thought to be confined to a certificate for the frontend, but did not consider the time that the app is actually entirely loaded to the user and requests the server has actually directly from the user, and therefore need HTTPS for communicating with the server.
And it turns out that as it would be for frontend as such I certificate is not needed, or I again something not quite understand.... - Brett.Haley commented on April 4th 20 at 00:43
@coralie.Torphy, See in the case of a typical configuration:

Nginx: ports 80 and 443 are aimed at the external ip is installed ssl certificate for your external server

Your backend is cached in nginx, deployed on local port 5000 or 8080 or 8000
The outside is not available for reasons of security and speed.

Nginx redirects all requests for location https://you_site_name.ru/api
On 127.0.0.1:5000 or valid addresses from a pool of workerb

10.0.0.2:5000
10.0.0.3:5000
10.0.0.4:5000

Therefore, the browser only deals with the external server https://you_site_name.ru/api - Estevan33 commented on April 4th 20 at 00:46
@shannon_Krajcik41 , as I understand it, I need in any case to the server that works in conjunction with the front end, had its domain name, which will be recorded on the certificate.
I tried with self-signed certificate and I have the lockdown browser, i.e., on frontend I have the error ERR_CERT_AUTHORITY_INVALID until that moment, until I go through the browser directly to the website and tell him what to connect safely. Only after that the frontend starts to work.
It turns out I anyway anywhere without the normal certificate that is recognized by browsers.
And, in the case of leased VPS if I want to change VPS, I need to reconfigure bind domain name - IP address of the server. - Brett.Haley commented on April 4th 20 at 00:49
@coralie.Torphy, something in the course you don't.
From the outside you, these hosts do not self-subscription should be available. But the connection can be configured as CA with the known and the unknown.

Check this article https://abc-server.com/ru/blog/administration/crea...
The idea is you have to have access to the servers only on the inside, check for curl is that there were no errors in the field of ssl - Estevan33 commented on April 4th 20 at 00:52
Probably I do something differently clocked.
Here they write that I have a problem with the limitations of the browser
Put on the backend nginx in the role of a proxy, register a domain name for the backend, has acquired the certificate for the domain name and now all is well :)
Now I really don't need a certificate, the certificate for the frontend, because I can go without https, but it connects to the backend via HTTPS (viewed using wireshark). - Brett.Haley commented on April 4th 20 at 00:55
April 4th 20 at 00:42
nginx as a proxy and a certificate from letsencrypt.

Find more questions by tags JavaDigital certificates