Getting an A+ on the Qualys SSL for free

The following steps were tested on Ubuntu 14.04.2 LTS with Apache 2.4.7, but they should be the same on other distros.

1. Getting a free certificate

Go to https://www.startssl.com/, register, and get a free certificate in a few simple steps. Note that you should request SHA256 for the certificate. After downloading the key and certificate from StartSSL, download the intermediate certificate from https://www.startssl.com/certs/sub.class1.server.ca.pem and use it as the certificate chain.

2. Enable SSL configuration as follows

Open an SSH session and log in to your server. Make sure that the server has Apache and OpenSSL with up-to-date security patches, and that the SSL configuration is enabled on port 443.

3. Deploying Diffie-Hellman for TLS

Generate new DH parameters (2048 bits or more); generating the new dhparam file takes about 10 minutes. When it completes, open dhparames.pem, copy its content, and paste it at the end of your certificate file.

Note that if your Apache is 2.4.8 or newer, you can specify your DH params file in ssl.conf as follows:

4. Enable SSL and configure your virtual host as follows:

5. Restart Apache2 to apply your changes

6. Time for testing

Check the certificate result at: https://www.sslshopper.com/ssl-checker.html

Get the result at https://www.ssllabs.com/ssltest/index.html
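The DH parameter deployment from step 3, as an added example that is not part of the original post: it appends the parameters to the certificate file exactly once on Apache 2.4.7, and on 2.4.8 or newer prints the ssl.conf line instead. The function names and file paths are assumptions; `SSLOpenSSLConfCmd DHParameters` is the mod_ssl directive for this (it also needs OpenSSL 1.0.2 or later) and is not taken from the page.

```shell
#!/bin/sh
# Added example; function names and file paths are assumptions.
# Generate the parameters first, e.g.: openssl dhparam -out dhparames.pem 2048

# Reads `apache2 -v` output on stdin and prints the bare version, e.g. 2.4.7.
parse_apache_version() {
    sed -n 's|^Server version: Apache/\([0-9.]*\).*|\1|p'
}

# Succeeds when version $1 is 2.4.8 or newer (numeric compare per field).
supports_dhparam_directive() {
    oldest=$(printf '%s\n' "2.4.8" "$1" | sort -t. -k1,1n -k2,2n -k3,3n | head -n 1)
    [ "$oldest" = "2.4.8" ]
}

# Succeeds when PEM file $1 contains a DH PARAMETERS block.
has_dhparams() {
    grep -q -e '-----BEGIN DH PARAMETERS-----' "$1"
}

# Appends DH params file $2 to certificate file $1 exactly once.
append_dhparams() {
    cert=$1; params=$2
    has_dhparams "$params" || { echo "not a DH params file: $params" >&2; return 2; }
    has_dhparams "$cert" && return 0      # already present: stay idempotent
    cp -p "$cert" "$cert.bak" || return 1 # keep a backup before editing
    # A missing final newline would glue the BEGIN line onto the cert's END line.
    [ -n "$(tail -c 1 "$cert")" ] && echo >> "$cert"
    cat "$params" >> "$cert"
}

# Picks the method for Apache version $1, certificate $2, DH params file $3.
deploy_dhparams() {
    if supports_dhparam_directive "$1"; then
        # 2.4.8+: print the ssl.conf line instead of touching the certificate.
        printf 'SSLOpenSSLConfCmd DHParameters "%s"\n' "$3"
    else
        append_dhparams "$2" "$3" && echo "DH params present in $2"
    fi
}
```

Call it as `deploy_dhparams "$(apache2 -v | parse_apache_version)" <certificate file> dhparames.pem`, then restart Apache as in step 5.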
