[7.921][FEATURE][CLOSED] WAF does not validate internal certificate

I don't know if this is a bug or a missing feature but in my opinion it is necessary for security reason.

When I publish an internal HTTPS site with WAF it doesn't check if the internal certificate is valid and issued by a trusted CA. My internal web server uses a certificate issued by my internal Microsoft Enterprise CA. This CA is not know to the Astaro box but I can publish the website without any problem.

In my opinion this should work like the Web Security HTTPS Proxy. I should have to import my internal CA certificate so that WAF can build a "chain of trust" (or how want to call it). If the internal certificate can not be validated there should be no access to the internal webserver.

Greetings,
TPok

0 Astaro Beta Bot over 15 years ago

Astaro Beta Report
--------------------------------
Version: 7.921
Type: FEATURE
State: CLOSED
Reporter: TPok+
Contributor: 
MantisID: 
Target version: 
Fixed in version: 
--------------------------------

0 kbr over 15 years ago

From my point of view, this is not a problem that the ASG can solve. If you can't trust your LAN, your doomed anyway. I would even argue that it is a feature that you don't need to configure and manage these additional certificates.
Cancel
Vote Up 0 Vote Down

Sign in to reply

Verify Answer

Cancel

[7.921][FEATURE][CLOSED] WAF does not validate internal certificate

Submitted a Tech Support Case lately from the Support Portal?