Imperva Cyber Community

Expand all | Collapse all

HSM and SSL accelerator card Relation

  • 1.  HSM and SSL accelerator card Relation

    Posted 08-03-2021 10:56
    We are using ssl accelerator card, 
    My question is in order to perform ssl offloading by ssl card, do we need to enable HSM when we upload the certificate on WAF?

    Nishanth M
    Allianz Technology.

  • 2.  RE: HSM and SSL accelerator card Relation

    Community Manager
    Posted 08-05-2021 08:09
    Hi Nishanth,

    Thanks for posting. 

    This link on our Imperva Documentation Portal​​ may help answer your question. Here is the main content...

    " On-Premises (SecureSphere) gateway supports Hardware Security Module ( HSMs ) cards and SSL Accelerator cards. 

    Below description can help you to choose which card to use 

    • When On-Premises (SecureSphere) gateway installed with HSM card already, you will not need an SSL accelerator card, as HSM card also includes SSL acceleration function inside.
    • When On-Premises (SecureSphere) gateway is configured as non active mode ( sniffing or transparent bridge) , it does not participate in SSL termination, if FIPS complince is not required for the traffic and only SSL Accelerator card installed then HSM is optional.
    • When On-Premises (SecureSphere) gateway is configured as reverse proxy mode ( KRP or TRP ), it participate in SSL termination, hence HSM is required for FIPS compliance, you will need both SSL accelerator card and HSM card.
    • For On-Premises (SecureSphere) to be FULLY compliant with FIPS, HSM card is required regardless of the mode of the gateway. "

    Let me know if you require further information.


    Sarah Lamont
    Digital Community Manager