Verifying SSL Prior to DNS Rollover
It can be useful to verify that the proper SSL certificate is installed on your WAF before making the production DNS changes that route traffic through the WAF.
Running the following shell command will give you information about the WAF + SSL status prior to making DNS changes:
echo | openssl s_client -servername DOMAIN_NAME -connect WAF_IP:443 2>/dev/null | openssl x509 -noout -subject -issuer -dates
Where DOMAIN_NAME is the public domain of the site you are intending to protect with the WAF and WAF_IP is the IP address that has been assigned to the WAF.
The WAF_IP is the IP address that the DNS A record for the WAF will point to in production.
Running the above command should output something similar to the below:
subject=CN = example.com
issuer=C = GB, ST = Greater Manchester, L = Salford, O = Sectigo Limited, CN = Sectigo RSA Domain Validation Secure Server CA
notBefore=Jan 4 00:00:00 2021 GMT
notAfter=Jan 4 23:59:59 2022 GMT
The subject field in the output should match the publicly addressable domain for your site. If this value is anything else, please contact support at email@example.com.
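To script the comparison described above instead of reading the output by eye, the following added example (not part of the original page or of any WAF tooling) parses the command's output, checks the subject against DOMAIN_NAME and also checks the validity dates. The function names are hypothetical, and it goes slightly beyond the text by accepting a single-label wildcard subject such as *.example.com.

```shell
#!/bin/sh
# Added example: helper names below are hypothetical, not part of any WAF tooling.
# Usage: <openssl command from this page> | check_cert_output DOMAIN_NAME [NOW]
# NOW is an optional UTC timestamp (YYYYMMDDHHMMSS), defaulting to the current time.

# Convert "Jan  4 23:59:59 2022 GMT" into the sortable key 20220104235959.
cert_date_key() {
    printf '%s\n' "$1" | awk '{
        m = (index("JanFebMarAprMayJunJulAugSepOctNovDec", $1) + 2) / 3
        split($3, t, ":")
        printf "%04d%02d%02d%02d%02d%02d\n", $4, m, $2, t[1], t[2], t[3] }'
}

# Succeed if certificate name $1 covers host $2: exact match or one-label wildcard.
name_covers_host() {
    name=$(printf '%s' "$1" | tr 'A-Z' 'a-z'); host=$(printf '%s' "$2" | tr 'A-Z' 'a-z')
    if [ "$name" = "$host" ]; then return 0; fi
    case $name in '*.'?*) ;; *) return 1 ;; esac
    suffix=${name#?}                 # ".example.com" for "*.example.com"
    label=${host%"$suffix"}          # "www" for www.example.com
    case $label in ''|"$host"|*.*) return 1 ;; esac
    return 0
}

check_cert_output() {
    domain=$1; now=${2:-$(date -u +%Y%m%d%H%M%S)}; out=$(cat)
    cn=$(printf '%s\n' "$out" | sed -n 's|^subject=.*CN *= *\([^,/]*\).*|\1|p' | head -n 1)
    not_before=$(printf '%s\n' "$out" | sed -n 's/^notBefore=//p' | head -n 1)
    not_after=$(printf '%s\n' "$out" | sed -n 's/^notAfter=//p' | head -n 1)
    if [ -z "$cn" ] || [ -z "$not_before" ] || [ -z "$not_after" ]; then
        echo "FAIL: no certificate details on stdin (did the connection succeed?)"; return 2
    fi
    if ! name_covers_host "$cn" "$domain"; then
        echo "FAIL: subject CN '$cn' does not cover $domain"; return 1
    fi
    if [ "$now" -lt "$(cert_date_key "$not_before")" ] ||
       [ "$now" -gt "$(cert_date_key "$not_after")" ]; then
        echo "FAIL: certificate for '$cn' is outside its validity window"; return 1
    fi
    echo "OK: '$cn' covers $domain, valid until $not_after"
}

# Constructed sample: the output shown on this page, checked as of 1 June 2021 UTC.
check_cert_output example.com 20210601000000 <<'EOF'
subject=CN = example.com
issuer=C = GB, ST = Greater Manchester, L = Salford, O = Sectigo Limited, CN = Sectigo RSA Domain Validation Secure Server CA
notBefore=Jan 4 00:00:00 2021 GMT
notAfter=Jan 4 23:59:59 2022 GMT
EOF
```

Because the command on this page prints only the subject, this helper compares the subject CN and does not inspect subjectAltName entries.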