How to Determine Whether SSL is Offloaded via Proxy when Linux Agent is Communicating to Cloud Workload Protection (CWP)

book

Article ID: 179357

calendar_today

Updated On:

Products

Cloud Workload Protection

Issue/Introduction

 

Resolution

Note: Console access is required to perform the following steps.

1. To display the bound certificate for the CWP console enter the following OpenSSL command:

openssl s_client -showcerts -connect s3.amazonaws.com:443 </dev/null 2>/dev/null|openssl x509 -outform PEM

2. The displayed certificate should contain the following issuer:

i:/C=IE/O=Baltimore/OU=CyberTrust/CN=Baltimore CyberTrust Root

Note: If any other issuer is displayed, the instance is using a proxy which is offloading SSL certificates.

See Firewall Requirements for CWP