Hi Nishanth,
Thanks for posting.
This link on our
Imperva Documentation Portal may help answer your question. Here is the main content...
" On-Premises (SecureSphere) gateway supports Hardware Security Module ( HSMs ) cards and SSL Accelerator cards.
Below description can help you to choose which card to use
- When On-Premises (SecureSphere) gateway installed with HSM card already, you will not need an SSL accelerator card, as HSM card also includes SSL acceleration function inside.
- When On-Premises (SecureSphere) gateway is configured as non active mode ( sniffing or transparent bridge) , it does not participate in SSL termination, if FIPS complince is not required for the traffic and only SSL Accelerator card installed then HSM is optional.
- When On-Premises (SecureSphere) gateway is configured as reverse proxy mode ( KRP or TRP ), it participate in SSL termination, hence HSM is required for FIPS compliance, you will need both SSL accelerator card and HSM card.
- For On-Premises (SecureSphere) to be FULLY compliant with FIPS, HSM card is required regardless of the mode of the gateway. "
Let me know if you require further information.
Thanks,
------------------------------
Sarah Lamont
Digital Community Manager
------------------------------
Original Message:
Sent: 08-03-2021 10:55
From: Nishanth Minikkaran
Subject: HSM and SSL accelerator card Relation
We are using ssl accelerator card,
My question is in order to perform ssl offloading by ssl card, do we need to enable HSM when we upload the certificate on WAF?
#On-PremisesWAF(formerlySecuresphere)
------------------------------
Nishanth M
Allianz Technology.
------------------------------