search close

Cloud WAF Certificate Management

access_time Updated Jun 20, 2021

Uploading a Certificate for use within Cloud WAF

In this section we’ll provide more information and details that are needed to upload an SSL/TLS certificate through the console for use within Cloud WAF. As of today, we only support certificates that are provided to us. Most commonly issued certificates are supported, including self-signed certificates.

Prerequisites

Before uploading your SSL/TLS certificate, ensure that your private key is not password protected, and certificate information is PEM formatted. Also note that at this time, no more than 26 certificates can be uploaded and each certificate must contain no more than 100 hostnames.

Manage certificates

  1. Log into the Signal Sciences console.
  2. From the Site Manage menu, select Cloud WAF Certificates. The Cloud WAF certificate management page appears.
  3. The Cloud WAF certificate management page allows you to:
    • Upload certificates.
    • Manage existing certificates.

About the certificate

To proceed with uploading a certificate, we’ll need information about the certificate and details from the certificate itself.

  • Name: This names the cert within our system and makes managing certificates easier. Ensure that your name is more than 4 characters.

  • Domain(s): This is the FQDN that you intend to protect with Cloud WAF. Note that the domain you input here must match what’s in the certificate. If uploading a multi-domain SAN certificate, it is only necessary to include the domains that you intend to protect with Cloud WAF. Our default behavior is to grab all the hostnames in the certificate if no FQDNs are specified in this field.

  • Region: The region that is selected here should be the area geographically closest to the upstream origin housing your web property. Reach out to your account rep if you’re uncertain on which region to select.

Certificate details

Once the name and domain(s) have been input and the region selected, provide the certificate information. Note that key/certificate information must be be uploaded unencrypted and in PEM formatting.

  • Private key
  • Certificate body
  • Certificate chain
    • Also known as the intermediate certificate. Note that the certificate chain is not required for self-signed certificates.

What happens after my certificate has been uploaded?

Once your certificate has been successfully uploaded, your account rep will reach out to you once provisioning has been completed and will provide you with next steps.

Deleting a Certificate

Once a certificate has been uploaded, it can be deleted from the view certificates section. Click on the View button after the certificate has been added and then simply click “Delete certificate”. Note that certificates cannot be deleted if we are in the process of provisioning your cloud WAF.

Limits

  • Certificates must be PEM encoded and private key must not be password protected.

  • Domains: At this time we can support no more than 100 domains in a single deployment.

  • Certificates: At this time we cannot support more than 26 certificates per deployment.