Securing SSL / HTTPS

httpsSecuring SSL and HTTPS might seem like a contradiction to you, because SSL and HTTPS are secure right? Well, not entirely and always. There are some awesome tools out there that will get your website from an F to an A+. Check this out.

This is a good example of always being on top of your game. Besides Linux, security is a topic I absolutely love. Both have been a huge deal for me the past year almost. Hackers never sleep and so shouldn’t you, apparently.

Anyway, make your sites more secure with these simple steps.

HSTS, HTTPS and SSL

We’ve already discussed HSTS and the site securityheaders.io. Make sure you’ve read this post earlier. It’s WordPress related where this one is for Apache as a whole (or Nginx even). You even have to secure your security as it seems.

Now about securing your SSL. First, do a check at the Qualys site, which measures the current state of your SSL. You might be surprised. This site is a respectable site to perform these sorts of test but there are other as well. Next, check the versions of Apache (or Nginx) and OpenSSL:

# httpd -version

# openssl version

Head to this Mozilla SSL generator, put in your details and be amazed. This is how your configuration should look like. Change your configuration and do the check at Qualys again.

I opted for the ‘modern’ configuration, put it in my /etc/httpd/sites-enabled configuration file and went from a B to an A+.

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.