Question: Is it possible to set this up, when you have no access to the certificate itself?

[johannesjo]

On a managed server I am unable to access the certificates, because I am lacking the required rights. Is it possible to use this module or to set up loopback in any way that I can use SSL without specifying the path to the certificate? The server is running Apache and in this context ssl is working fine.

[slahiri]

Scenarios:

1. The loopback application is behind the load balancer and connectivity between lb and loopback does not need SSL. In that scenario, you don't need this module.
2. You need a SSL connectivity between Load Balancer and Loopback. In this case your load balancer will be configured with the public/exposed domain name and SSL certificate and the Loopback can be configured with an internal certificate signed with same certificate provider
3. The loopback itself is public - in this case your app needs access to public certificate (Very rare and and not an ideal scenario)

[johannesjo]

Thank you very much for your response!

There is no Load Balancer in place, as it would be overkill for my use case.

What do you mean by 3? I need the api generated by loopback to be public (at least for the get methods). Would you recommend using another wrapper around the api interface generated bei lb?

[slahiri]

1. What is the role of Apache mentioned in your original text
2. The loopback application - is it an internal application (within a secure network) or will it be exposed over internet?
3. What kind of environment are you deploying it (Knowledge of this can help me give the answer in some context)

[johannesjo]

1. Apache manages the SSL certificate and serves some other static html apps.
2. The loopback application will be served over the internet.
3. I'm in a managed virtual server environment run on Debian 9 (Stretch) , so unfortunately there is not much to adjust.