Question
- This article provides information about the default Silverline backend SSL profile configuration
- Silverline_Server_Default
Environment
- Silverline WAF
- Silverline DDoS
- Proxy/Proxies
- SSL Certificate/SSL Frontend Profile/SSL Backend Profile
Answer
- Silverline allows proxy customers the option of terminating their SSL encrypted traffic inside of the service.
- The SSL sessions are terminated within Silverline infrastructure using proxy certificates and keys (SSL Front-End Profile). Then, Silverline creates a separate SSL session and use it to communicate back to your backend server (SSL Backend Profile).
- When using the Silverline_Server_Default backend SSL profile, it is the proxy negotiating the connection to the backend server, without validating the backend server certificate by default.
- There is also an admin section available to SOC (also available for Silverline_Server_Default profile) where we can configure the profile to authenticate the certificate presented by the backend server.
- These settings are disabled by default, but can be switched on by the SOC.