Tools for setting up and testing secure certificates

Posted in Linux/Unix/BSD -

This is a quick reference page for some tools for configuring web server settings and testing secure certificates.

Mozilla SSL Configuration Generator

This tool provides you with SSL configurations for Apache, Nginx, HAProxy & AWS Elb, depending on the server version and openssl version.

https://mozilla.github.io/server-side-tls/ssl-config-generator/

To find out your openssl version, do this:

openssl version

To find out your Apache version, do this (depending on distro it'll be apache2 or httpd, and you may need to prefix it with /usr/sbin):

apache2 -v
OR
httpd -v

To find out your Nginx version, do this (again you might need to prefix with /usr/sbin):

nginx -v

Qualys SSL Labs SSL Server Test

This tool tests your secure certificate and gives it a grade. On a couple of older servers, I was able to improve the grade from an "F" to a "B" simply by using the Mozilla SSL configuration generator above. We should be able to get them to an "A" by fixing the intermediate certificate when we renew.

https://www.ssllabs.com/ssltest/

[Update] I bought a new certificate for a site using RapidSSL, the Mozilla configuration generator and with up to date Nginx & openssl on Debian 7 Wheezy and got an A+ with the testing tool.



Related posts:


Comments