Verifying SSL Prior to DNS Rollover

It can be useful to verify that the proper SSL certificate is installed on your WAF before making the production DNS changes that route traffic through the WAF.

Running the following shell command will give you information about the WAF + SSL status prior to making DNS changes:

echo | openssl s_client -servername DOMAIN_NAME -connect WAF_IP:443 2>/dev/null | openssl x509 -noout -subject -issuer -dates

Here DOMAIN_NAME is the public domain of the site you intend to protect with the WAF, and WAF_IP is the IP address that has been assigned to the WAF.

The WAF_IP is the IP address that the DNS A record for the WAF will point to in production.

Running the above command should produce output similar to the following:

subject=CN =
issuer=C = GB, ST = Greater Manchester, L = Salford, O = Sectigo Limited, CN = Sectigo RSA Domain Validation Secure Server CA
notBefore=Jan  4 00:00:00 2021 GMT
notAfter=Jan  4 23:59:59 2022 GMT

The subject field in the output should match the publicly addressable domain for your site. If this value is anything else, please contact support at
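
The same check scripted, as an added example that is not part of the original article: it extracts the subject CN from the command's output and compares it with DOMAIN_NAME, treating a leading "*." as exactly one label. The function names and the example.com sample output are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example; function names are hypothetical, not from the article.

# Constructed sample of the command's output (example.com is a placeholder).
SAMPLE='subject=CN = *.example.com
issuer=C = GB, O = Example CA Ltd, CN = Example DV CA
notBefore=Jan  4 00:00:00 2021 GMT
notAfter=Jan  4 23:59:59 2022 GMT'

# Print the CN from the "subject=" line on stdin. Accepts both the
# "CN = name" and the older "/CN=name" layouts.
subject_cn() {
    sed -n 's|^subject=.*CN *= *\([^,/]*\).*$|\1|p' | head -n 1
}

# Return 0 if certificate name $1 covers host $2. A leading "*." stands for
# exactly one DNS label.
name_covers() {
    pattern=$(printf '%s' "$1" | tr 'A-Z' 'a-z')
    host=$(printf '%s' "$2" | tr 'A-Z' 'a-z')
    case "$pattern" in
        \*.*)
            suffix=${pattern#\*}        # ".example.com"
            label=${host%"$suffix"}     # part the wildcard must cover
            case "$label" in "$host"|""|*.*) return 1 ;; esac ;;
        *)  [ "$pattern" = "$host" ] ;;
    esac
}

# Read the command's output on stdin; succeed only if the subject CN
# covers DOMAIN_NAME ($1).
check_subject() {
    cn=$(subject_cn)
    [ -n "$cn" ] || { echo "FAIL: subject has no CN"; return 2; }
    name_covers "$cn" "$1" || { echo "FAIL: CN '$cn' does not cover $1"; return 1; }
    echo "OK: CN '$cn' covers $1"
}

# Live check (needs network): $1 = DOMAIN_NAME, $2 = WAF_IP. -checkend 0
# makes openssl exit non-zero when the certificate has already expired.
check_waf_cert() {
    out=$(echo | openssl s_client -servername "$1" -connect "$2:443" 2>/dev/null |
          openssl x509 -noout -subject -checkend 0) ||
        { echo "FAIL: no certificate returned, or it has expired"; return 1; }
    printf '%s\n' "$out" | check_subject "$1"
}

printf '%s\n' "$SAMPLE" | check_subject www.example.com
```

TLS clients match the hostname against the certificate's subjectAltName entries rather than the CN, so a CN match here is the article's pre-rollover check, not full hostname validation.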
