Imperva Cyber Community

Expand all | Collapse all

Pinning origin certificate with different SAN

  • 1.  Pinning origin certificate with different SAN

    Posted 12-22-2020 07:55

    Hi,

    is possible to pin origin certificate and to tell Distil to reach origin querieng a different host header than the one coming from the client?

    So if the client is trying to reach www.asdasd.com- Distil will reach origin presenting connection as www.blablabla.com as an example...

    Best regards,

    Riccardo

     


    #ContentDeliveryNetwork

    ------------------------------
    Riccardo Roasio
    CriticalCase
    ------------------------------



  • 2.  RE: Pinning origin certificate with different SAN

    Posted 12-28-2020 07:32

    Yes I have done so before



    ------------------------------
    Ashlee Holten
    Ashlee Holten
    ------------------------------



  • 3.  RE: Pinning origin certificate with different SAN

    Imperva Employee
    Posted 12-28-2020 09:12

    I'm not sure about your Distil configuration, but if you are are using the Imperva connector (your sites are directing traffic through the Imperva Cloud WAF), then you can do the redirection there.

    Check out https://docs.imperva.com/bundle/cloud-application-security/page/more/cname-reuse.htm for an example.

    If you want to use a different domain on the backend than the one you create on the front end, you may need to use a Cloud WAF rule.  See https://docs.imperva.com/bundle/cloud-application-security/page/rules/create-rule.htm and search for "domain".  You may need to add the Advanced Delivery Rules/ Load Balancing feature to your Cloud WAF subscription to add the header rewrite action.  

    Jim



    ------------------------------
    Jim Burtoft
    Imperva
    PA
    ------------------------------