A few days ago the SSL certificates of this server reached the end of their validity, so I had to change the certificates (again).
The last time I went with a mixed setup of free class 1 certificates from StartSSL and wildcard certificates from CACert.org because I didn't wanted to spent a lot of money for SSL certificates. Diego later pointed out in the comments of the last article on this topic, that you don't pay StartSSL per certificate but per (identity) validation. Once you passed the identity validation (with it's fee), you can issue as many certificates as you want.
StartSSL's class 2 certificates offer a few goodies compared to the class 1 certificates:
- Valid for 2 years (one year for class 1)
- Wildcard support
I went with wildcard certificates for my domains. While per-domain certificates offer a little more security, they introduce a real maintenance-hell if you have more than a few subdomains.
My old certificates used a SHA1 hash, which caused the SSL Labs test to reduce the rating to A; the new certificates have a SHA256 hash. To get a CSR with a SHA256 hash, make sure you pass
-sha256 to the
openssl req ... command. Otherwise, you'll end up with a sha1 hashed certificate signing request.
Here are the tricky bits in the Apache SSL configuration to drop support for everything < TLS (that is SSLv2, SSLv3) and weak ciphers:
Change the values to the following values:
SSLProtocol TLSv1.2 TLSv1.1 TLSv1 All -SSLv2 -SSLv3 SSLHonorCipherOrder On SSLCipherSuite HIGH:MEDIUM:!ADH:!aNULL:!eNULL:!LOW:!3DES:!MD5:!EXP:!PSK:!SRP:!DSS:!AECDH SSLCompression Off
Note: you can set these values only server-wide. That means, if you still not pass the SSL Labs test after setting these values, you propably have another place where these values are set (e.g. in the Default SSL Vhost config).
Also, make sure to send the correct intermediate certificate for your server certificate. For StartSSL, that is
- sub.class1.server.ca.pem for class 1 server certificates,
- sub.class2.server.ca.pem for class 2 SHA1 server certificates, and
- sub.class2.server.sha2.ca.pem for class 2 SHA256 server certificates
Following these few steps, your SSL your test report should look like this:
To enable TLS_FALLBACK_SCSV, see https://www.openssl.org/news/secadv_20141015.txt:
OpenSSL 1.0.1 users should upgrade to 1.0.1j. OpenSSL 1.0.0 users should upgrade to 1.0.0o. OpenSSL 0.9.8 users should upgrade to 0.9.8zc.