troubleshooting Question

SSL certs for server to server comms & install them on servers or WAF & pentesting them

Avatar of sunhux
sunhux asked on
SecuritySSL / HTTPSNetwork Security
4 Comments3 Solutions16 ViewsLast Modified:

a vendor is setting up on-prem internal servers for us:

vendor told us he needs SSL certs for the 5 servers

not for users to access but for server to server comms.


Q1:

Shall we use self-signed certs in this case & usually

for how long these certs should be valid (every 1-3

yearly or permanently)?


Q2:

Should these servers sit behind the WAF (or suppose 

these 5 URLs are not for users access but server to

server communications) or in front of the WAF?


Q3:

If they sit behind the WAF, shd the self-signed certs

be installed in the WAF or in the servers?  If they

sit in front of WAF, certainly the certs have to be

installed in the servers


Q4:

For penetration tests, we should test the 5 URLs (

vendor said they're for server to server comms),

through the WAF or position the penetration 

scanners directly on the servers without going

through WAF?




ASKER CERTIFIED SOLUTION
btanExec Consultant
Join our community to see this answer!
Unlock 3 Answers and 4 Comments.
Start Free Trial
Learn from the best

Network and collaborate with thousands of CTOs, CISOs, and IT Pros rooting for you and your success.

Andrew Hancock - VMware vExpert
See if this solution works for you by signing up for a 7 day free trial.
Unlock 3 Answers and 4 Comments.
Try for 7 days

”The time we save is the biggest benefit of E-E to our team. What could take multiple guys 2 hours or more each to find is accessed in around 15 minutes on Experts Exchange.

-Mike Kapnisakis, Warner Bros