Public Network with Reverse Proxy and HTTPS Termination

The last case is similar to the previous case. However, the reverse proxy does HTTPS termination. The hosts on the internal network can use HTTP. This is less secure than the configuration used in the previous scenario, but is one that is used commonly.

In this case one certificate signed by a commercial CA is needed for the reverse proxy. The public key for the commercial CA can be shared if necessary with users.