Friday 23 February 2018

Getting an A+ rating on the Qualys SSL Test on all cPanel Domains






Getting an A+ rating on the Qualys SSL Test on all cPanel Domains


Security is a basic requirement of the server. We will use SSLLabs, a testing project of Qualys, a company that provides strategic security solutions. In this post, we will see how to use their A+ indicator which is the industry high standard in SSL security and try to meet its requirements. The SSLLabs checker covers two substantial parts of the investigation: Authentication, which reflects details about installed SSL certificate and additional certificates provided by a server, and Configuration, which shows server settings for secure negotiation used in client-server interaction.
This blog will cover the steps to get your A+ rating on Qualys without affecting the web-server configuration.
STEP 1 :
Go to WHM >> Home -> Service Configuration -> Apache Configuration -> Global Configuration
Change the default cipher suite to the following by selecting the custom entry for cipher suits:
  • SSL/TLS protocols are OK to keep set as default.
  • Server Tokens are also set to “Product Only” to avoid leaking information about the server OS.
  • Turn Trace Enable off per PCI recommendations and standards

  • Click Save. Apache will now favor stronger protocols before others.
  • Now time to set forward secrecy with a long date in advance.
STEP 2 :
Go to WHM >> Home -> Service Configuration -> Apache Configuration -> Include Editor
Then jump to Pre Main Include
Alternatively, we can manually add this on the below configuration path,
/usr/local/apache/conf/includes/pre_main_global.conf
After saving the the file restart the service by using the below command,
This will rebuild the Apache configuration as would be done from WHM and restart Apache as well.
STEP 3 :
Now test your website at Qualys SSL Labs to see the score you get, if you’ve followed instructions properly, you should have an A+
Now A+ SSL settings applied on all domains on the cPanel server that have certificates installed. By using the global pre-main includes and modifying the server wide ciphers for Apache, every domain using SSL will enjoy the same security
Posted by at

No comments:

Post a Comment

Subscribe to: Post Comments (Atom)