Friday, October 17, 2014

Best practices to deploy SSL/TLS key, certificate on web server

As part of my job responsibilities, I create key and CSR files and order certificates from a CA. There is not a lot of information on how to securely deploy a key and certificate on a web server for HTTPS use.

One thing you really have to make sure of is that the key and certificate are owned by the root user only and are read-only. I make sure group ownership is right too. I even prefer to restrict permissions on the directory where the cert and key are stored.
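One way to audit the ownership and permission rules described above, as an added example that is not from the original post. It assumes GNU `stat`, treats "read-only" as mode 0400 for the key and no write bits for the certificate, and uses a hypothetical function name `audit_tls_path`:

```shell
#!/bin/sh
# Added example, not from the original post. Assumes GNU stat (stat -c).
# audit_tls_path KIND PATH [OWNER]
#   KIND:  key | cert | dir  (labels invented for this script)
#   OWNER: expected owning user, default root as the post recommends
# Prints one line per finding; returns 0 if clean, 1 on findings, 2 on misuse.
audit_tls_path() {
    kind=$1
    path=$2
    owner=${3:-root}
    rc=0

    case $kind in
        key)  mask=07377 ;;   # anything beyond owner-read (0400) is a finding
        cert) mask=07333 ;;   # read-only: no write, execute or special bits
        dir)  mask=07077 ;;   # no group/other access, no special bits
        *)    echo "usage: audit_tls_path key|cert|dir PATH [OWNER]" >&2
              return 2 ;;
    esac

    # Refuse symlinks so the check applies to the object actually named.
    if [ -L "$path" ]; then echo "SYMLINK $path"; return 1; fi
    if [ ! -e "$path" ]; then echo "MISSING $path"; return 1; fi

    actual_owner=$(stat -c %U "$path")
    mode=$(stat -c %a "$path")        # octal digits, e.g. 400 or 2750
    extra=$(( 0$mode & $mask ))       # leading 0 makes the shell read octal

    if [ "$actual_owner" != "$owner" ]; then
        echo "OWNER $path: $actual_owner (expected $owner)"
        rc=1
    fi
    if [ "$extra" -ne 0 ]; then
        printf 'MODE  %s: %s has extra bits %o\n' "$path" "$mode" "$extra"
        rc=1
    fi
    return $rc
}

# Example calls with placeholder paths (hypothetical, adjust to your layout):
#   audit_tls_path dir  /path/to/tls
#   audit_tls_path key  /path/to/tls/example.key
#   audit_tls_path cert /path/to/tls/example.crt
```
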

If you are the person responsible for deploying keys and certificates on a web server, especially on a production server, then I definitely recommend reading this PDF doc on how to deploy keys and certificates.

I use https://www.ssllabs.com/ssltest to test my web server's HTTPS configuration rating.

The test output above also provides detailed information about browser support.

https://www.ssllabs.com is a great site for keeping up to date with SSL/TLS information, vulnerabilities, etc.

It's on my weekly reading list.



