check-ssl-certificate

category:

Check SSL Certificate with two easy steps in Apache with Plesk

While SSL certificate verification through Plesk control panel can be easy, ensuring that your Apache Server passes the SSL test from the Qualys SSL Test can be a little tricky. Here are two steps which you need to run from the linux command line to get an A rating when you check ssl certificate in Apache

Step 1: SSL certificate protocol update

# vi /etc/httpd/conf.d/ssl.conf and change/enable the following parameters in the ssl.conf file: SSLProtocol all -SSLv2 -SSLv3 SSLCipherSuite ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:DHE-DSS-AES128-GCM-SHA256:kEDH+AESGCM:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES256-SHA:DHE-DSS-AES128-SHA256:DHE-DSS-AES256-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA:AES256-SHA:AES:CAMELLIA:DES-CBC3-SHA:!aNULL:!eNULL:!EXPORT:!DES:!RC4:!MD5:!PSK:!aECDH:!EDH-DSS-DES-CBC3-SHA:!EDH-RSA-DES-CBC3-SHA:!KRB5-DES-CBC3-SHA:!DHE-RSA-AES128-GCM-SHA256:!DHE-RSA-AES256-GCM-SHA384:!DHE-RSA-AES128-SHA256:!DHE-RSA-AES256-SHA:!DHE-RSA-AES128-SHA:!DHE-RSA-AES256-SHA256:!DHE-RSA-CAMELLIA128-SHA:!DHE-RSA-CAMELLIA256-SHA SSLHonorCipherOrder     on

Step 2: Restart Plesk services and verify SSL 

# /usr/local/psa/admin/bin/websrvmng -r and then retest the results, you should be doing fine. Getting an A+ verfication with your SSL certificate checker is a key requirement for most ecommerce websites and the above steps would help you in other similar environments as well. 
Share
Comments (0)

Leave a Reply

Your email address will not be published. Required fields are marked *

+ 41 = 44

Related:

Stay Updated

Please enter your details below to get
A Free Trial
x + x* =