Setting up a load balancer with https and a valid certificate (Apache Users)

Hello,

I am not an expert, so I apologize if my question is unclear.

I have a problem with setting up a load balancer that supports ssl with a valid certificate.

It works ok when I refer to the balancer members by a valid DNS name.

However, if I just put the IP address of the balancer members, I get

ERROR: certificate common name '*.mydomain.com' doesn't match requested host name '52.26.53.37'.

I am following the load balancer sample config found here:

https://httpd.apache.org/docs/2.4/mod/mod_proxy_balancer.html

that I adapted to ssl, here is my ssl.conf :

<VirtualHost *:443>
SSLEngine On
SSLCertificateFile /etc/pki/tls/certs/wildcard.mydomain.com.crt
SSLCertificateKeyFile /etc/pki/tls/private/wildcard.mydomain.com.key
SSLCACertificateFile /etc/pki/tls/certs/wildcard.mydomain.com.chain.crt

ErrorLog /var/www/mydomain.com/logs/error.log
CustomLog /var/www/mydomain.com/logs/access.log combined

ProxyRequests off
<Proxy balancer://cluster>

# Using valid DNS names for the members works well

BalancerMember https://ws1.mydomain.com/
BalancerMember https://ws2.mydomain.com/

# Using the IP address of the members returns the certificate error given above

#BalancerMember http://52.73.75.46/
#BalancerMember http://52.26.53.37/

ProxySet lbmethod=byrequests
</Proxy>

<Location /balancer-manager>
SetHandler balancer-manager
</Location>

# ProxyPreserveHost On
ProxyPass /balancer-manager !
ProxyPass / balancer://cluster/

</VirtualHost>

I would like to be able to use only the IP addresses so that I can add a variable number of BalancerMember that I could start dynamically on a cloud setup.

Using a DNS entry for each BalancerMember makes everything more complicated.

Is there a way to configure httpd so that only the load balancer servers needs to have a valid certificate and a DNS name ?

All the balancerMembers behind the load balancer would exist only with their IP address.

Thank you

Gilbert