An SSL certificate is a digital certificate that authenticates a website’s identity and enables an encrypted connection between the visitor and the webserver.
Keeping client and user information safe is first and foremost when it comes to running any website that stores sensitive user data. SSL stands for Secure Sockets Layer it’s a standard technology that creates a secure environment where two computers can communicate without leaking sensitive information. several versions of SSL protocol, all of which at some point ran into security troubles.
There are a lot of different cyber security tasks you will need to accomplish when creating a website to keep your website safe. One of the best things you can do for the security of your website is to install an SSL certificate.
Qualys SSL Labs is an SSL certificate testing tool that lets you test deep analysis of the configuration of any SSL web server on the public Internet. When SSL certificates are installed we need to check that the certificate parameters are valid and contain no errors. Misconfigured SSL/TLS can leave your website vulnerable to cyber attacks.
SSL and SSL 2 are obsolete and insecure if your support these protocols your SSL policy will get a bad grade.
SSL certificates work best when you have a secure and modern TLS version installed on your server for example take a look a some of the most recent worst graded SSL tests in Qualys SSL Labs.
If we take a look at the websites in SSL Labs recent worst we can see that some of these domains got a bad grade due to a number of factors. Let’s take a closer look at one of these domains to understand how SSL Labs grades our domains based on their SSL configuration. Let’s use ifweb.tompkins-co.org as an example.
If we take a closer look into why this domain got a bad SSL grade we can see that the server still responds to SSL2 certificate requests and in turn would get graded an F due to SSL2 being vulnerable to DROWN attack.
The server is also vulnerable to POODLE attack and must disable SSL 3 if they want to mitigate the threat. As you can see a poorly configured SSL policy can take a negative effect on your website security.
Now, let’s take a look at a correctly configured SSL policy we will use our own website Website By Design as an example. As you can see the grade of the SSL policy is A+.
Let’s talk a little about how we achieved an A+ SSL grade by telling our servers to use modern versions of TLS and rejecting older TLS versions. Our SSL policy states that our website can only be viewed by modern browsers that have SNI support. SNI, or Server Name Indication, is part of the TLS encryption protocol that enables a client device to specify the domain name it is trying to reach. By letting the client device state what domain it’s trying to reach prevents common name mismatch errors.
A good SSL policy should have good protocol support, key exchange, and cipher strength.