Tuesday, 10 April 2012
If you are configuring SSL on your website or online application (and you should be these days), use the resources over at Qualys SSL Labs.
The SSL/TLS Deployment Best Practices gives good advice. Read this before your purchase your SSL certificate and follow its advice. For example, it talks about how to use SSL properly in your application design, what key length to use etc.
What I particularly like is the SSL Server Test facility. After you have configured your SSL certificate, go to the SSL Server Test page. Enter your URL in the Domain Name field (but make sure to check the "Do not show the results on the boards" box). Click the Submit button and SSL Server Test will analyze your SSL configuration.
This takes a few minutes, but will give you a result. You should be looking to get an A. It will tell you of any problems in your SSL configuration. Fix those and resubmit.
Keep repeating until SSL Server Test gives you an A....and then you can feel smug.
Useful Qualys Links: