Question
Why does the Silverline proxy infrastructure require a cert/key pair?
- What are the cert/key pairs used for on Silverline proxy infrastructure?
- Do Transparent SSL profiles require a cert/key pair? Why?
Environment
- Silverline DDoS
- Proxy / Proxies
- SSL Cert / Profile
- Cert/Key
Answer
The proxy setup requires a cert/key pair in order to allow the inspection on the layer 7 traffic in order to be able to inspect HTTPS encrypted traffic and be able to mitigate potential L7 attacks.
Even though Transparent SSL profiles do a pass-through only, our proxy infrastructure requires the cert/key pair in order to inspect traffic. With transparent profiles, we are not offloading SSL on our side, but only inspecting the traffic as it passes through our infrastructure.