Total Application Security AMI SSL Configuration
To handle secure website URLs (HTTPS), Indusface Total Application Security WAF requires SSL certificates and configuration. It supports only the CRT file format. This page explains how to convert P12, PFX, PEM and JKS files into CRT format.
Supported SSL File Format Configuration
There are two types of configurations for the supported SSL file formats.
P12, PFX, PEM, JKS file format Configuration
Prerequisites:
File Format | Password |
---|---|
JKS | Key Password, Keystore Password |
PFX/P12 | Key Password |
SSL Conversion Steps
Follow the steps below to migrate the SSL from your machine to Indusface Total Application Security- WAF AMI with the appropriate file format (CRT).
- Copy the certificates to the Indusface TAS-AMI using any file transfer tool into /home/ec2-user.
- Log into your AMI using any SSH client (E.g. PuTTY).
- Specify the destination Host Name or IP Address of the WAF AMI and use the associated Key Pair (same key pair associated while launching the AMI instance from the AWS Marketplace.)
- A terminal will open up. Specify the Username ec2-user and then proceed with authentication.
- Switch to the root user by executing the command sudo su -
- Copy SSL files to /mnt directory by executing the command cp <cert_filename> /mnt.
- Now run the command ls to list all the certificates in the /mnt directory.
- Change the directory to /media using the command cd /media.
- Run the command ls to list the contents of the directory. It will return the file convert_ssl.sh.
- Run the command ./convert_ssl.sh <file_format> <domain_name> and press 'y' to provide the password for converting the files into CRT format.
Example: ./convert_ssl.sh p12 www.yourdomain.com
- All the converted files are placed automatically in the /etc/httpd/ssl folder.
- A success message will appear. To confirm, change to the directory with cd /etc/httpd/ssl and run the command ls to list the files in the folder. The following files should be listed:
<domain_name>.crt
<domain_name>-server.key
<domain_name>-chain.crt
If the certificate file is not password protected, press Enter to proceed.
After completion of SSL configuration, follow the Traffic Routing steps.
CRT file format Configuration
- Open the certificates in a text editor, for example Notepad or Notepad++ on Windows, or vi on Linux.
- Copy the content of the Private Key and paste it into the Private Key field. To verify, check that the content ends with "-----END RSA PRIVATE KEY-----".
- Copy the content of the Certificate and paste it into the Certificate field. To verify, check that the content ends with "-----END CERTIFICATE-----".
- Copy the content of the Chain Certificate and paste it into the Chain Certificate field. To verify, check that the content ends with "-----END CERTIFICATE-----".
- After adding the information click Submit.
Follow the steps to upload SSL Certificates manually:
Consider your domain name as "yourdomain.com" and rename the SSL certificates as per your domain name in the format mentioned in the table.
If you have multiple chain files, put the contents of all of them in the yourdomain.com-chain.crt file.
Certificate | Format |
---|---|
Server Certificate | yourdomain.com.crt |
Private Key Certificate | yourdomain.com-server.key |
Chain File | yourdomain.com-chain.crt |
Follow the steps below to migrate the SSL from your machine to Indusface Total Application Security- WAF AMI
- Copy the above files from your machine to the Indusface TAS AMI by any file transfer tool into /tmp directory.
- Log into your AMI using any SSH client (E.g. PuTTY).
- Specify the destination Host Name or IP Address of the WAF AMI and use the associated Key Pair (same key pair associated while launching the AMI instance from the AWS Marketplace).
- A terminal will open up. Specify the Username ec2-user and then proceed with authentication.
- Switch to the root user by executing the command sudo su -
- Change to the SSL directory with the command cd /etc/httpd/ssl/
- Run the command below to copy the files from the /tmp directory to /etc/httpd/ssl/:
cp /tmp/yourdomain* /etc/httpd/ssl/
- Run the command below to rename the Apache configuration file:
mv /etc/httpd/indusface/<yourdomain>.conf.disabled /etc/httpd/indusface/<yourdomain>.conf
- Run the command below to restart Apache:
systemctl restart httpd.service
Removing passphrase from the private key
- To remove the passphrase from a private key, run the command
openssl rsa -in yourdomain.com-server.key -out yourdomain.com-server.key1
- Enter the pass phrase for the website.
- Create a backup file of yourdomain.com-server.key by executing the command
mv yourdomain.com-server.key yourdomain.com-server.key_bak
- Rename the file yourdomain.com-server.key1 to yourdomain.com-server.key by executing the command
mv yourdomain.com-server.key1 yourdomain.com-server.key
- Now run the command ls to list the certificates. The following files should be listed:
yourdomain.com.crt
yourdomain.com-server.key
yourdomain.com-server.key_bak
yourdomain.com-chain.crt
- After completion of SSL configuration, follow the Traffic Routing steps.
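Added example (not part of the Indusface guide or its tooling): a check to run before restarting httpd on the three files that both the conversion and the manual upload procedures place in /etc/httpd/ssl, using standard openssl, grep and stat. It confirms that the key no longer has a passphrase (the case the last section handles), that the key file is not accessible to group or other, and that the key matches the certificate. The function names are hypothetical, and the permission check is an assumed hardening practice, not a documented product requirement.

```bash
#!/usr/bin/env bash
# Added example: checks <domain>.crt, <domain>-server.key and <domain>-chain.crt.
# File names and /etc/httpd/ssl come from the page; function names are hypothetical.

# True if the PEM key still has a passphrase (traditional or PKCS#8 encoding).
key_is_encrypted() {
    grep -Eq 'BEGIN ENCRYPTED PRIVATE KEY|Proc-Type: 4,ENCRYPTED' "$1"
}

# True if the key file grants nothing to group or other (for example 600 or 400).
key_mode_is_private() {
    mode=$(stat -c '%a' "$1") || return 1
    [ $(( 0$mode & 077 )) -eq 0 ]
}

# True if the certificate's public key equals the one derived from the private key.
cert_matches_key() {
    cert_pub=$(openssl x509 -in "$1" -noout -pubkey 2>/dev/null) || return 1
    key_pub=$(openssl pkey -in "$2" -pubout -passin pass: 2>/dev/null) || return 1
    [ -n "$cert_pub" ] && [ "$cert_pub" = "$key_pub" ]
}

# Usage: check_tas_ssl <domain> [directory]; returns 0 only if every check passes.
check_tas_ssl() {
    d=$1; dir=${2:-/etc/httpd/ssl}
    crt="$dir/$d.crt"; key="$dir/$d-server.key"; chain="$dir/$d-chain.crt"
    for f in "$crt" "$key" "$chain"; do
        [ -s "$f" ] || { echo "missing or empty: $f"; return 2; }
    done
    if key_is_encrypted "$key"; then echo "key still has a passphrase"; return 3; fi
    key_mode_is_private "$key" || { echo "key is accessible to group/other"; return 4; }
    cert_matches_key "$crt" "$key" || { echo "certificate and key do not match"; return 5; }
    n=$(grep -c -e '-----BEGIN CERTIFICATE-----' "$chain") || true
    [ "$n" -ge 1 ] || { echo "no certificate found in chain file"; return 6; }
    echo "ok: key matches certificate, $n chain certificate(s)"
}

if [ $# -ge 1 ]; then check_tas_ssl "$@"; fi
```

Run it as root on the AMI with the domain as the argument, for example check_tas_ssl yourdomain.com; a non-zero return code identifies which check failed.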