I have a question about the SSL handshake being established between Imperva and the backend. Assume the client to Imperva side is configured properly.
If the backend has a self-signed certificate, does Imperva try to validate its authenticity automatically as soon as the site is onboarded to Imperva? Does this process of authentication cause problems for the administrator when Imperva does not trust the backend server certificate?
If so, to overcome this problem, is there a way to disable the SSL certificate validity check and tell the CWAF to accept any SSL cert provided by the backend without considering if it can be trusted or untrusted?
Or, to put it simply, can the CWAF work with self-signed certificates, or should there always be trusted certificates for the backend to work properly?
By default, the proxy doesn't check whether the Origin Server certificate is expired or if it contains an incorrect CN. Therefore, CWAF can work with self-signed certificates without any issues. You can work with Imperva Support to change this behavior and enforce certificate validation if needed. This will include the following checks:
Let me know if you have any further questions.
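
As an added example (not part of the original thread and not Imperva code), the sketch below audits an origin certificate for the two properties the answer names, expiry and CN, and also flags a self-signed certificate, so an administrator can see what would fail before asking for validation to be enforced. It assumes a certificate dict in the shape returned by Python's `ssl.getpeercert()`; the sample certificates, hostnames and function names are constructed for illustration.

```python
import ssl
import time

# Constructed sample certificates in the dict shape of ssl.getpeercert()
SELF_SIGNED = {
    "subject": ((("commonName", "origin.internal.example"),),),
    "issuer": ((("commonName", "origin.internal.example"),),),
    "notBefore": "Jan  1 00:00:00 2020 GMT",
    "notAfter": "Jan  1 00:00:00 2021 GMT",
}
CA_ISSUED = {
    "subject": ((("commonName", "origin.example.com"),),),
    "issuer": ((("commonName", "Example Issuing CA"),),),
    "notBefore": "Jan  1 00:00:00 2023 GMT",
    "notAfter": "Jan  1 00:00:00 2030 GMT",
    "subjectAltName": (("DNS", "*.example.com"),),
}
NOW = 1704067200  # 2024-01-01 00:00:00 UTC, fixed so results are reproducible

def _host_matches(pattern, host):
    # Exact match, or one left-most wildcard label (*.example.com)
    pattern, host = pattern.lower(), host.lower()
    if pattern.startswith("*."):
        return "." in host and host.split(".", 1)[1] == pattern[2:]
    return pattern == host

def audit_origin_cert(cert, hostname, now=None):
    """Return the list of validation findings for one origin certificate."""
    now = time.time() if now is None else now
    findings = []
    if ssl.cert_time_to_seconds(cert["notAfter"]) < now:
        findings.append("expired")
    if ssl.cert_time_to_seconds(cert["notBefore"]) > now:
        findings.append("not yet valid")
    # Prefer SAN dNSName entries; fall back to the subject CN when no SAN exists
    names = [v for k, v in cert.get("subjectAltName", ()) if k == "DNS"]
    if not names:
        names = [v for rdn in cert.get("subject", ())
                 for k, v in rdn if k == "commonName"]
    if not any(_host_matches(n, hostname) for n in names):
        findings.append("name mismatch")
    # Identical issuer and subject is the usual marker of a self-signed cert
    if cert.get("issuer") == cert.get("subject"):
        findings.append("self-signed")
    return findings

if __name__ == "__main__":
    print(audit_origin_cert(SELF_SIGNED, "origin.example.com", NOW))
    print(audit_origin_cert(CA_ISSUED, "origin.example.com", NOW))
```

An empty list means the certificate passes these checks for that hostname; any finding is something to fix on the origin before validation is turned on.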