Author Topic: Make Your Server FQDN [Lets Encrypt/Auto SSL] SSL certificate A+ Grade  (Read 55 times)

0 Members and 1 Guest are viewing this topic.

Offline
*
Hello Everybody

Hope you are doing well. I am using CWP6.admin in CentOS 6.9 with Lets Encrypt .
But My SSL certificate grade is B and My Cipher list is not so strong.
So I am going use Strong Cipher list and I will show you that how to make your SSL certificate A+ grade .

Visit https://www.ssllabs.com/ssltest/ and Provide your Server FQDN & wait for the result .
You will see that your SSL is not A+ grade .

Login to your server using SSH .

1.Change the directory
#cd /usr/local/apache/conf.d/

2.Backup ssl.conf

3. Edit ssl.conf & paste the below code
#vi ssl.conf

<IfModule !ssl_module>
LoadModule ssl_module modules/mod_ssl.so
</IfModule>
Listen 443
SSLCipherSuite EECDH+AESGCM:EDH+AESGCM:AES256+EECDH:AES256+EDH
SSLProtocol All -SSLv2 -SSLv3 -TLSv1 -TLSv1.1
SSLHonorCipherOrder On
Header always set Strict-Transport-Security "max-age=63072000; includeSubDomains; preload"
Header always set X-Frame-Options DENY
Header always set X-Content-Type-Options nosniff
# Requires Apache >= 2.4
SSLCompression off

# OCSP Stapling, only in httpd 2.3.3 and later
SSLUseStapling on
SSLStaplingCache "shmcb:logs/stapling-cache(150000)"
# Requires Apache >= 2.4.11
SSLSessionTickets Off


SSLStaplingResponderTimeout 5
SSLStaplingReturnResponderErrors off
SSLStaplingCache        shmcb:/var/run/ocsp(128000)
 
#NameVirtualHost server_ip:443


4.save & close

5. Open httpd.conf file

#vi /usr/local/apache/conf/httpd.conf
Enable the below module , just uncomment

LoadModule socache_shmcb_module modules/mod_socache_shmcb.so

6.save & close

6.Restart Apache & cwp server


7. Finally visit https://www.ssllabs.com/ssltest/ & provide your server FQDN , And See result , your server SSL certificate is A+ grade.


Source : Cipherli.st Strong Ciphers for Apache, nginx and Lighttpd
https://cipherli.st/


If you need any further assistance , just post a comment below , i will try to assist you.