Hi Folks,
I have a question about the SSL handshake being established between Imperva and the backend. Assume the client to Imperva side is configured properly.
If the backend has a self signed certificate does Imperva try to validate its authenticity automatically as soon as the site is onboarded to Imperva. Does this process of authentication cause problems for the administrator when Imperva does not trust the backend server certificate?
If so, to overcome this problem is there a way to disable the SSL certificate validity check and tell the CWAF to accept any SSL cert provided by the backend without considering if it can be trusted or untrusted.
Or to put it simply can the CWAF work with self signed certificates or should there always be trusted certificates for the backend to work properly?
#CloudWAF(formerlyIncapsula)------------------------------
Sasith Senanayake
Associate Network and Security Engineer
Connex Information Technologies (Pvt) Ltd.
Colombo
------------------------------