Imperva Cyber Community

 View Only

⭐ Imperva Insights: If the SSL Certificate of an origin server is a self-signed certificate, can an Imperva SSL Certificate be issued?

  • 1.  ⭐ Imperva Insights: If the SSL Certificate of an origin server is a self-signed certificate, can an Imperva SSL Certificate be issued?

    Posted 12-20-2019 10:40

    Hello Impervians! 

    I hope everyone has had a great week! To close out this week, here is your dose of #ImpervaInsights on SSL Certificates: 

    If the SSL Certificate of an origin server is a self-signed certificate, can an Imperva SSL Certificate be issued?

    What do our product experts have to say?​

    Yes, the certificate can be generated on the Imperva side.

    It is important to have a valid certificate on the server's end to ensure that all traffic will be secured. When onboarding a site to Imperva, there are two connections that need to be secured instead of just one secured connection without it:

    Imperva <--> Origin Server

    End-User <--> Imperva

    In order to achieve this, there should be SSL certificates on both connections. The first connection will use an SSL certificate installed on your web-server (could be a certificate purchased from a CA or a self-signed certificate you can create for free on your own), while the second one will be an Imperva-generated certificate (GlobalSign/Comodo) we provide free-of-charge for any site under a paid account. Please note that the certificate shown to the end-user is the one used for the second connection.

    If you choose to purchase a certificate for your server rather than sign one yourself, you may choose to upload it as a custom certificate instead of using the Imperva one.

    To sum-up, a right configuration will look like this, and the certificate needs to be valid:

    Origin Server <--Self-Signed / CA cert.--> Imperva <--Imperva-generated GlobalSign/Comodo cert. / Custom cert.--> End-User

    What other questions have you encountered with SSL Certificates?

    #ssl 

     

    ​​
    #CloudWAF(formerlyIncapsula)

    ------------------------------
    Christopher Detzel
    Community Manager
    Imperva
    ------------------------------