HTTPS/Certificate Related Issues
Enable HTTPS Access
There are two ways to do this:
- Add a source site that supports the HTTPS protocol and upload the corresponding SSL certificate for the domain name. If you need to redirect HTTP requests to HTTPS requests, please enable the [HTTPS Redirection] option, which only supports redirection from port 80 to port 443.
- Add a source site for the HTTPS protocol on port 443, then enable the [HTTP Back-to-source] option. This option only supports back-to-source from port 443 to port 80, and the source site must have port 80 open.
Mobile Device HTTPS Access Exception
This problem usually occurs when mobile browsers (such as pre-installed browsers on Android and WeChat Mini Programs) access HTTPS websites. The reason is that some mobile browsers will verify the website’s SSL certificate and intermediate certificate. If the intermediate certificate is missing, the website cannot be accessed, and there is no log of such access on UWAF.
Solutions
- You can download the intermediate certificate from the certificate issuing organization, use a text editor or the ‘cat’ command to append the content of the intermediate certificate after the content of the public key file, and upload the public key file that includes the intermediate certificate.
- Use a third-party tool (recommended: https://myssl.com/chain_download.html) to complete the intermediate certificates and download the certificate that contains the complete certificate chain, then upload.
- Contact UCloud Global technical support to add intermediate certificates at the backend.
SSL Certificate Format
UWAF supports PEM format certificates (these can be purchased through UCloud Global USSL, which provides PEM format certificate files for download). A PEM format certificate usually consists of two files. The file with the extension pem is the public key file: select it and click the [Upload Public Key] button to upload it. The file with the extension key is the private key file (it may also have the extension pem, in which case you can tell the public and private key files apart by file name): select it and click the [Upload Private Key] button to upload it.
After the file is uploaded, UWAF will check the correctness of the certificate. If the verification fails, an error will be returned and the certificate cannot be applied. Please follow the steps below to troubleshoot and re-upload:
- Check whether the public key file and private key file are correct.
- Check whether the uploaded files are duplicated.
- You can use a third-party tool to verify the correctness of the certificate (recommended: https://myssl.com/match_key.html).
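The append step from the Solutions list above and the public/private key check from this list can also be done locally. The script below is an added example, not UCloud tooling: the function and file names are hypothetical, the sample files are constructed placeholders, and `cert_matches_key` assumes the OpenSSL command-line tool is installed.

```shell
#!/bin/sh
# Added example, not UCloud tooling; all file names are placeholders.

# Number of PEM certificate blocks in a file.
count_certs() {
    grep -c -e '-----BEGIN CERTIFICATE-----' "$1" || true
}

# Write leaf ($1) followed by intermediate(s) ($2) to $3. CRs and blank
# lines are dropped and every line is newline-terminated, so an END marker
# is never fused with the next BEGIN marker, which is what plain `cat`
# produces when the first file lacks a trailing newline.
build_chain() {
    for f in "$1" "$2"; do
        tr -d '\r' < "$f" | awk 'NF'
    done > "$3"
    if grep -q -e 'CERTIFICATE-----.*-----BEGIN' "$3"; then
        echo "fused PEM markers in $3" >&2; return 1
    fi
    [ "$(count_certs "$3")" -ge 2 ] || { echo "no intermediate in $3" >&2; return 1; }
}

# Local key-match check (requires openssl): the public key inside the first
# certificate of $1 must equal the public key derived from private key $2.
cert_matches_key() {
    cert_pub=$(openssl x509 -in "$1" -noout -pubkey) || return 2
    key_pub=$(openssl pkey -in "$2" -pubout) || return 2
    [ "$cert_pub" = "$key_pub" ]
}

# Constructed sample: placeholder bodies, not real certificates. The leaf
# has no trailing newline and the intermediate uses CRLF line endings.
demo() {
    d=$(mktemp -d)
    printf '%s\n' '-----BEGIN CERTIFICATE-----' 'LEAFPLACEHOLDER' > "$d/leaf.pem"
    printf '%s' '-----END CERTIFICATE-----' >> "$d/leaf.pem"
    printf '%s\r\n' '-----BEGIN CERTIFICATE-----' 'CAPLACEHOLDER' \
        '-----END CERTIFICATE-----' > "$d/ca.pem"
    build_chain "$d/leaf.pem" "$d/ca.pem" "$d/fullchain.pem" || return 1
    count_certs "$d/fullchain.pem"
}
demo
```

Run `cert_matches_key fullchain.pem private.key` before uploading; exit status 0 means the pair matches, 1 means it does not, and 2 means OpenSSL could not parse one of the files.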
If the SSL certificate is purchased from USSL or hosted at USSL, UWAF supports automatic synchronization of such certificates.
SSL Client Verification
UWAF supports client certificate authentication for HTTPS domain names. If you need this, please contact UCloud Global technical support and prepare the verification root certificate and the CRT certificate.