Here is my current architecture: I have a simple site hosted in the cloud that needs to be served from my company. Thus, mysite.com has a CNAME redirect to 1234.cloud.com. I understand that the SSL certificate needs to be created for mysite.com.
Here are my questions:
a) How does the CNAME redirect work when fetching content? Does DNS resolve the cloud IP address and allow just one HTTP connection to the cloud, or is the HTTP connection sent to my server and then relayed to the cloud? Which server presents the SSL cert for mysite.com? I believe that I need to configure a local server to offer the SSL certificate because DNS alone would not suffice, but I am not sure about the architecture.
b) How can I ensure that the communication between my server and the cloud is also encrypted? Do I need to configure client/server SSL between the two servers?