High Grade TLS/SSL Configuration
If you are looking for the highest grade encryption configuration for your Internet-based service or website, please give us a five-minute call.
Do not purchase your SSL certificate before contacting us, as certain parameters are defined at the time of creating the certificate and cannot be changed afterwards.
TLS/SSL Configuration Issues to Note
- Generate a KEY that is at least 4096 bits.
- Never store your KEY or CSR in a publicly accessible place.
- The SSL Certificate Signing Request (CSR) holds details about your company and domain. Ensure that the domain is set correctly.
- Check your Certificate Signing Request (CSR) before submitting it to be signed by the Issuer to produce your Certificate (CRT), as your Issuer will only sign it once, so mistakes cannot be fixed later.
- Use an Issuer that is recognised by all common web browsers and mobile devices, or else your clients may see a message saying that your certificate is "Untrusted"!
- Enable TLS/1.2, disable SSL v2.0 and preferably SSL v3.0 too.
- If possible use a web server version that supports Secure TLS Renegotiation.
- NEVER serve the same web content over http as https. This makes it easy for your SSL certificate to be decrypted, and for traffic to be compromised in the future. Set up an automatic redirect, if possible, using your web server to move all http requests to https.
These are 8 general important things to bear in mind; there are lots more depending on your application.
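The key and CSR items in the list above can be checked before anything is sent to the Issuer. The script below is an added example, not part of the original page: it assumes the OpenSSL command-line tool is installed, and the function names, file names, "Example Ltd" and www.example.com are constructed for illustration.

```shell
#!/bin/sh
# Added example: function names, paths and the sample domain are constructed.

# make_key_and_csr DOMAIN DIR: write DIR/server.key (4096-bit RSA) and DIR/server.csr
make_key_and_csr() {
    domain=$1; dir=$2
    (
        umask 077   # files are created readable by the owner only
        openssl genrsa -out "$dir/server.key" 4096 2>/dev/null &&
        openssl req -new -key "$dir/server.key" \
            -subj "/C=GB/O=Example Ltd/CN=$domain" -out "$dir/server.csr"
    )
}

# check_csr CSR EXPECTED_DOMAIN [MIN_BITS]: return 0 only if every check passes
check_csr() {
    csr=$1; want=$2; min_bits=${3:-4096}; rc=0

    # 1. The CSR's self-signature must verify (file intact, signed by its own key).
    if ! openssl req -in "$csr" -noout -verify 2>&1 | grep -q 'verify OK'; then
        echo "FAIL: CSR signature does not verify"; rc=1
    fi
    # 2. The public key in the CSR must be at least MIN_BITS long.
    bits=$(openssl req -in "$csr" -noout -text 2>/dev/null |
           sed -n 's/.*Public-Key: (\([0-9]*\) bit).*/\1/p')
    if [ "${bits:-0}" -lt "$min_bits" ]; then
        echo "FAIL: key is ${bits:-unknown} bits, need at least $min_bits"; rc=1
    fi
    # 3. The domain (commonName) must be exactly the one you intend to serve.
    cn=$(openssl req -in "$csr" -noout -subject -nameopt multiline 2>/dev/null |
         sed -n 's/^ *commonName *= *//p')
    if [ "$cn" != "$want" ]; then
        echo "FAIL: CSR is for '$cn', expected '$want'"; rc=1
    fi
    if [ "$rc" -eq 0 ]; then echo "OK: $cn, $bits-bit key"; fi
    return "$rc"
}

# Demonstration in a throwaway directory that is removed when the script exits.
workdir=$(mktemp -d)
trap 'rm -rf "$workdir"' EXIT
make_key_and_csr www.example.com "$workdir"
check_csr "$workdir/server.csr" www.example.com
```

For a real request, point `check_csr` at your own CSR file and domain, and submit the CSR only when it returns success.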
Please call us, or enter some basic information below and we will get back to you: