Certificate Management

You can centrally manage the certificates and TLS settings on UWAF, including all the SSL certificates uploaded by the user for all domains. It also supports configuration of TLS protocol versions and encryption suites (after changing, the TLS version and encryption suite of all domains will change). You can also upload updated domain certificates to replace those about to expire.

If the certificate is purchased from USSL, UWAF supports automatic synchronization of USSL certificates. When users add domains, they do not need to upload certificates, UWAF will automatically pull the certificates of the related domains.

TLS Configuration

You can globally set the TLS protocol version and encryption suite. The default TLS protocol is 1.0, 1.1, 1.2, and when selecting protocol version 1.3, 1.2 must be chosen simultaneously, 1.3 cannot be selected alone. The encryption suite has pre-set high and medium levels, or you can customize the encryption suite. The encryption suite selected must match the protocol version. You can use the openssl command to query the encryption suite corresponding to a certain protocol version, such as openssl ciphers -tls1_1 -s to query all the encryption suites supported by TLS 1.1.

Certificate Upload

The certificate file needs to be in PEM(Privacy Enhanced Mail) format. The characteristics of this type of certificate file format are:
The first line starts with -----BEGIN , and the last line ends with -----END . If the format is incorrect, the upload will fail.

Certificate List

The certificate list includes all SSL/TLS certificates uploaded to UWAF, and also provides certificate binding and deletion operations.

Parameter Description