Imperva Cyber Community

SAN Certificate and CNAME Reuse

  • 1.  SAN Certificate and CNAME Reuse

    Posted 09-23-2020 08:03
    Hello everyone,

    I have a question regarding SAN certificates and CNAME Reuse that I can't find in the documentation, and I would like to know if Cloud WAF supports it.

    I would like to know if I can set up a site with my own SAN certificate that supports up to 250 domains, and take advantage of CNAME Reuse to have all the domains (250) protected by Imperva Cloud WAF.

    Thank you! Best regards.

    Alberto de Dios

  • 2.  RE: SAN Certificate and CNAME Reuse

    Imperva Employee
    Posted 09-23-2020 09:47
    Hi Alberto,

    You are correct; this particular scenario is not covered in the documentation - but it does technically work.

    A few things to be aware of:

    • All domains will receive the same WAF and BOT policy (including any exceptions you may create).
    • All domains receive the same caching policy and are part of a shared "pool" (this means if you purge the entire cache, it is purged for all sites; you can take advantage of tagging rules to tag assets by domain).

    There are other things as well, but the two above are the main things to think through before "combining" multiple domains with CNAME reuse.

    Jaired Anderson
    Principal Consultant
    Tulsa OK

  • 3.  RE: SAN Certificate and CNAME Reuse

    Imperva Employee
    Posted 09-23-2020 11:21
    Hi Alberto,

    Please review this page, and you can ask any question on that page also.
    A custom cert for SNI-supported clients is the best option here.

    The general advice is to have a Load Balancing license if you have multiple Origins, and the usage limit comes with the BW subscription and not the site count here. Other design considerations have been shared by Jaired in his response, so please review them as well.

    Abhishek Gupta
    Customer Success team