How to configure HTTPS/SSL for a simple web server

Posted on 2016-07-10. Last updated on 2020-06-03.

I've found two very powerful tools to help web administrators and system administrators set proper HTTPS/SSL parameters in their web-servers.

The first is a configuration generator maintained by Mozilla Corp, simply called the "Mozilla SSL Configuration Generator". This tool lets you select the parameters you want a configuration generated for. It supports all mainstream web servers and offers selections for sets of browser generations (old, intermediate, latest), server versions, and SSL versions. It generates simple text output that an administrator can apply to their web server. Using the output provided by Mozilla's SSL configuration generator, I was very easily able to use a very secure setup on my server without having to track and maintain documentation for every single compromised cipher and protocol version.

The second extremely helpful tool will help you verify that your server and configuration are secure. Qualys SSL Labs offers a free service that scans your website and server to test for known exploits on SSL protocols and ciphers. The test outputs a grade and tells you what needs to be changed on your server. The output from this test is very detailed and quite impressive for a free tool. I highly recommend testing your web server with this tool. New exploits are always being discovered, and security is an ever-changing game. See if you can earn an A+ with a proper configuration.
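A local pre-check that can run before submitting a site to an external scan, as an added example that is not part of the original post or of either tool: it reads an nginx configuration and reports legacy protocol versions and weak cipher entries. nginx as the server, the function name, the token list, and the sample configuration are assumptions made for illustration.

```python
import re

# SSLv2 (RFC 6176), SSLv3 (RFC 7568) and TLS 1.0/1.1 (RFC 8996) are deprecated.
LEGACY_PROTOCOLS = {"SSLv2", "SSLv3", "TLSv1", "TLSv1.1"}
# Substrings of OpenSSL cipher names/keywords treated as weak (illustrative list).
WEAK_CIPHER_TOKENS = ("RC4", "DES", "MD5", "NULL", "EXP")

DIRECTIVE = re.compile(r"^\s*(ssl_protocols|ssl_ciphers)\s+([^;]+);", re.MULTILINE)

def audit_nginx_tls(config_text):
    """Return (line, directive, offending_value) tuples for weak TLS settings."""
    findings = []
    # Drop comments but keep newlines so reported line numbers stay correct.
    text = re.sub(r"#.*", "", config_text)
    for match in DIRECTIVE.finditer(text):
        name = match.group(1)
        value = match.group(2).strip().strip("'\"")
        line = text.count("\n", 0, match.start(1)) + 1
        if name == "ssl_protocols":
            for proto in value.split():
                if proto in LEGACY_PROTOCOLS:
                    findings.append((line, name, proto))
        else:
            for entry in value.split(":"):
                # "!" and "-" entries remove ciphers, so they are not findings.
                if entry.startswith(("!", "-")):
                    continue
                if any(token in entry.upper() for token in WEAK_CIPHER_TOKENS):
                    findings.append((line, name, entry))
    return findings

# Constructed sample configuration, not taken from a real server.
SAMPLE_CONFIG = """\
server {
    listen 443 ssl;
    # legacy settings left over from an old deployment
    ssl_protocols SSLv3 TLSv1 TLSv1.2 TLSv1.3;
    ssl_ciphers 'ECDHE-RSA-AES128-GCM-SHA256:RC4-SHA:DES-CBC3-SHA:!aNULL:!MD5';
}
"""

if __name__ == "__main__":
    for line, directive, value in audit_nginx_tls(SAMPLE_CONFIG):
        print(f"line {line}: {directive} enables {value}")
```

A clean result here only means the two directives contain nothing on the local lists; the external scan still tests what the running server actually negotiates.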

Using these two tools, I was able to earn a very satisfactory grade for my servers and, more importantly, secure them against a plethora of known exploits that exist on the web. I implore you to do the same with your systems. Happy surfing!

If you have any comments, corrections, or feedback, please feel free to email them to me.