The HTTPS protocol is more and more widespread and it becomes necessary to install SSL / TLS </ strong> certificates on your web servers. We will see how to test and verify your certificates.
After setting up a certificate on a web server or on an appliance (reverse proxy, vpn ssl …), it is advisable to check the SSL / TLS security.
This verification can be done with Qualys Ssl Server Test : https://www.ssllabs.com/ssltest/
On ssllabs website, a section Hostname allow to input a URL to test :
Example : jaguar-network.com
It take a few moment to verify a domain but you can see statut In progress to know progression.
In our example, we obtain a A+ rank, which indicates that the configuration is optimal.
If you click on domain link, you will see all details of your certificate(s).
Conditions to obtain a A+ rank are these following criterias :
- Certificate : minimum 2048 bits / Conseillé 4096 bits
- Protocol Support : uniquement TLS 1.2
- Cipher Strength :
TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 (0xc030) ECDH secp256r1 (eq. 3072 bits RSA)
TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 (0xc02f) ECDH secp256r1 (eq. 3072 bits RSA) 128
TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384 (0xc028) ECDH secp256r1 (eq. 3072 bits RSA) 256
TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256 (0xc027) ECDH secp256r1 (eq. 3072 bits RSA)
- HTTP Strict Transport Security (HSTS) : oui