We're recently moved to full SSL and are looking to move SSL termination to the load balancer (haproxy), but can't work out how to configure Shibboleth to work properly in that configuration.
SSL certificates are installed on the SERVER and NOT on your PC
hence it is the server who has either a wrong or expired SSL certificate depending on the details shown to you if you look for the details.
I do not use Shibboleth but use LDAP with Moodle SSL being handled on Nginx reverse proxy. I did not have to make any changes to LDAP which was already running over ldaps.
What is the exact issue you are having with the Shibboleth connection?
The issue with Shibboleth is the configuration of the service provider software. It's using the post profile of SAML, so needs to redirect the user's browser to specific URLs in order to do its thing, but when the SSL termination is done on the load balancer we're having trouble working out how to configure Shibboleth to generate the correct URLs.
We know how it should work in theory - Shibboleth should use the Apache ServerName as the URL root - but haven't been able to get it to work. We were hoping to find someone who has already done this. I guess it's more of a Shibboleth issue than strictly a Moodle one, but it's related.
Ahh, sorry to not be more help then. I wonder if you could use some rewrite rules on your proxy to help in the process. Hopefully a Shibboleth expert will pipe up!