Hello Impervians!
I hope everyone has had a great week! To close out this week, here is your dose of #ImpervaInsights on SSL Certificates:
If the SSL Certificate of an origin server is a self-signed certificate, can an Imperva SSL Certificate be issued?
What do our product experts have to say?
Yes, the certificate can be generated on the Imperva side.
It is important to have a valid certificate on the server's end to ensure that all traffic will be secured. When onboarding a site to Imperva, there are two connections that need to be secured instead of just one secured connection without it:
Imperva <--> Origin Server
End-User <--> Imperva
In order to achieve this, there should be SSL certificates on both connections. The first connection will use an SSL certificate installed on your web-server (could be a certificate purchased from a CA or a self-signed certificate you can create for free on your own), while the second one will be an Imperva-generated certificate (GlobalSign/Comodo) we provide free-of-charge for any site under a paid account. Please note that the certificate shown to the end-user is the one used for the second connection.
If you choose to purchase a certificate for your server rather than sign one yourself, you may choose to upload it as a custom certificate instead of using the Imperva one.
To sum-up, a right configuration will look like this, and the certificate needs to be valid:
Origin Server <--Self-Signed / CA cert.--> Imperva <--Imperva-generated GlobalSign/Comodo cert. / Custom cert.--> End-User
What other questions have you encountered with SSL Certificates?
#ssl
#CloudWAF(formerlyIncapsula)------------------------------
Christopher Detzel
Community Manager
Imperva
------------------------------