Imperva Cyber Community

communities_1.jpg
 View Only

  • 1.  CA certificate issue

    Posted 10-31-2022 11:04
    Hi everyone


    Here I come with another interesting issue :)

    The details of this deployment is as follows:

    1. WAF on premises.
    2. Version: 13.5.0.20_0
    3. Customer has a proxy that signed traffic based on policies.  Including traffic pointing to imperva sites.
    Issue:

    1- We see an error on the Threatradar dashboard related to not able to reach imperva servers

    2- We already checked access to the sites need to make it works and access it allows: WAF documentation

    3- We recorded a pcap on the MX and we discover that the issue is because of lack of trust on the CA certificate with the proxy signed imperva's cert.



    My question

    How can I upload that CA certificate in order to avoid this issue ? 


    Best regards







    #On-PremisesWAF(formerlySecuresphere)

    ------------------------------
    Freddy Brito
    Deploy, Support & Pre sales
    DAITEK S.A.
    Buenos Aires
    ------------------------------


  • 2.  RE: CA certificate issue

    Posted 11-02-2022 05:05
    Hi Freddy,

    You can apply following steps on MX as root user:
    1. cp -rp /etc/pki/java/cacerts /etc/pki/java/cacerts.bckp - To backup current java CA certificates
    2. /etc/alternatives/jre/bin/keytool -import -file /tmp/rootca.der -trustcacerts -alias Proxy_RootCA -keystore /etc/alternatives/jre/lib/security/cacerts -storepass changeit
          rootca.der: proxy certificate
          Proxy_RootCA: custom alias name that you can set it whatever you want
    3. impctl server restart

    ------------------------------
    Cezmi Cal
    technical support engineer
    Barikat Internet Guvenligi Bilisim Ticaret A.S.
    Ankara
    ------------------------------



  • 3.  RE: CA certificate issue

    Posted 11-02-2022 09:52
    Thanks Cezmi!!!

    That worked!! :)


    Best regards

    ------------------------------
    Freddy Brito
    Deploy, Support & Pre sales
    DAITEK S.A.
    Buenos Aires
    ------------------------------

    Original Message