
Need some help? We are here for you!We have a very friendly service - Come and chat to us and let us know what you need, we work for an hourly fee and can also provide you a no obligation quote and begin work immediately in most cases. Click "Request Support" or use our Live Chat.
Request support
Security is very on both sides of the table when it comes to websites and servers, for one it’s good for you as the server administrator as you and your clients are less likely to be compromised in any fashion, and of course it is something to boast about. This is also true for the client, however sometimes its even more important for the client if they are audited or require to be PCI complaint.
At WebDesires our servers come with full A+ Rating for SSL security through Qualys SSLLabs, and we thought we would make an article on how you as a server administrator can get your WHM cPanel server SSLLabs A+ Rated too.
Step 1:
In WHM go to: Home -> Service Configuration -> Apache Configuration -> Global Configuration
Make the following changes to the options:
SSL Cipher Suite:
ECDHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-SHA256:ECDHE-RSA-AES256-SHA:ECDHE-RSA-AES128-SHA:DHE-RSA-AES256-SHA256:DHE-RSA-AES128-SHA256:DHE-RSA-AES256-SHA:DHE-RSA-AES128-SHA:ECDHE-RSA-DES-CBC3-SHA:EDH-RSA-DES-CBC3-SHA:AES256-GCM-SHA384:AES128-GCM-SHA256:AES256-SHA256:AES128-SHA256:AES256-SHA:AES128-SHA:DES-CBC3-SHA:HIGH:!aNULL!eNULL:!EXPORT:!CAMELLIA:!DES:!MD5:!PSK:!RC4
SSL/TLS Protocols (Use best if you can but windows XP and IE6 will not be able to connect.):
(Best) All -SSLv2 -SSLv3 -TLSv1
(Compatibility) All -SSLv2 -SSLv3
LogLevel:
Warn
Trace Enable:
Off
Server Signature:
Off
Server Tokens:
Product Only
File ETag:
None
Make sure you click “save” then click “rebuild Configuration and Restart Apache”.
Step 2:
In WHM go to: Home -> Service Configuration -> Apache Configuration -> Include Editor
Under “Pre Main Include” select “All Versions” and an editor will appear.
Enter these 2 lines below:
Header always set Strict-Transport-Security "max-age=31536000; includeSubdomains;" SSLHonorCipherOrder on
Finally click “update” and then click “Restart Apache”.
Step 3:
You should now have A+ Rating on Qualys SSLLabs.
Here is ours:
https://www.ssllabs.com/ssltest/analyze.html?d=server1.wdnode.com
Need some help? We are here for you!We have a very friendly service - Come and chat to us and let us know what you need, we work for an hourly fee and can also provide you a no obligation quote and begin work immediately in most cases. Click "Request Support" or use our Live Chat.
Request support