Can I use certificates on WAF?

nakasonogithub · April 16, 2019, 12:56pm

I got certificate on Server
but I want to use certificate on WAF(not the above server)

I copied certificate from server to WAF
It works but is not working well

for example, I used wget command, stdout is
“cannot verify fedorahosted.org’s certificate, issued by … Unable to locally verify the issuer’s authority. To connect to fedorahosted.org insecurely, use `–no-check-certificate’.”

Please help me.

My domain is:
webproxy.voip.ft.nttcloud.net
maku-nxgwebproxy.voip.ft.nttcloud.net
I want to use SANs certificate

I ran this command:
./certbot-auto certonly --webroot -w /root/tmp/httpserv -d webproxy.voip.ft.nttcloud.net -d maku-nxgwebproxy.voip.ft.nttcloud.net

It produced this output:
Succeed

My web server is (include version):
python SimpleHTTPServer

I can login to a root shell on my machine (yes or no, or I don’t know):
yes

The version of my client is (e.g. output of certbot --version or certbot-auto --version if you’re using Certbot):
0.33.1

schoen · April 16, 2019, 2:11pm

Hi @nakasonogithub,

Let’s Encrypt certificates are meant to prove that you own a particular domain name. If you don’t own that domain name, you can’t get a Let’s Encrypt certificate for it, and it won’t be accepted by browsers for that name. Your certificate would only be usable for connections to your own server under its own name.

Let’s Encrypt certificates are not designed or intended for use on an intercepting web proxy.

system · May 16, 2019, 2:11pm

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.