Sense Defence Certificate Management
Overview
Sense Defence is an AI-powered Web Application Firewall (WAF) solution that offers robust features for SSL (Secure Sockets Layer) certificate management. Users can opt between generating a free wildcard certificate or uploading their own SSL certificate. Additionally, there's an advanced end-to-end encryption option to enhance user traffic security.
SSL Certificate Management Options
1. Generate a Free Wildcard Certificate
Method: DNS-based.
Process:
- Sense Defence will provide the necessary DNS verification contents.
- Users must update their domain's DNS record with the provided contents.
- Post DNS update, Sense Defence will verify the domain (subject to DNS propagation time).
- Once verified, a certificate will be issued and installed for the web application that's onboarded to Sense Defence.
Key Notes:
- Certificates generated this way will be renewed automatically by Sense Defence.
- Users cannot export the certificate or its private keys from Sense Defence.
2. Upload Your Own SSL Certificate
Process:
- Users can upload the complete certificate chain and the associated private keys to Sense Defence.
- If subdomains need to be covered, they must be specified in the certificate using SAN (Subject Alternative Name).
Key Notes:
- Auto-renewal isn't available as the certificate isn't managed by Sense Defence.
- Only one certificate upload is permitted per domain.
Advanced End-to-End (E2E) Deployment
Sense Defence offers an Advanced E2E deployment option to ensure maximum encryption for user traffic. This includes encryption from the client to Sense Defence and from Sense Defence to the origin server. This advanced deployment also incorporates certificate validation.
For this setup, users have two choices:
- Use a certificate from a public Certificate Authority (CA).
- Generate a Sense Defence signed certificate.
This certificate can then be installed on the origin server to ensure seamless and secure E2E deployment.
Always ensure that you have the proper permissions and backups in place before making any changes to your SSL configurations. If you face issues or require additional support, consider reaching out to Sense Defence's support team.
Related Articles
Onboarding a Site to Sense Defence WAF
Sense Defence’s Web Application Firewall (WAF) offers both security and acceleration at the web application level. To begin the process of securing and speeding up a web application, a “site” must be added to a Sense Defence customer organisation. ...Onboarding Site to Sense Defence WAF
Sense Defence’s Web Application Firewall (WAF) offers both security and acceleration at the web application level. To begin the process of securing and speeding up a web application, a “site” must be added to a Sense Defence customer organisation. ...Sense Defence DNS Records
Once your site is successfully integrated with Sense Defence, it becomes essential to adjust your website's DNS records. By doing so, you will direct your site's traffic through the Sense Defence anycast network, ensuring optimal protection and ...Sense Defence Password Policy
The following password policy applies to users logging in to the Sense Defence Console. Policy Note: This policy does not affect organisations that log in to the Sense Defence Dashboard via their organisation's SSO. Password Strength No more than 2 ...Sense Defence Firewall Rule Overview
With Sense Defence Firewall Rules, you can establish guidelines to examine incoming data traffic. Depending on the rule, you can then block, challenge, record, or permit particular requests. Key Features: Guided Protection: Take advantage of the ...