WebDesires - Web Development Cannock, West Midlands

Cannock UK: T: 01543 547 899 Birmingham UK: T: 0121 318 6336 International: T: +44 121 318 6336

Getting an A+ rating on the Qualys SSL Test on all cPanel Domains

Getting an A+ rating on the Qualys SSL Test on all cPanel Domains

Need Some Help? We are here for you!

We have a very friendly service - Come and chat to us and let us know what you need, we work for an hourly fee and can also provide you a no obligation quote and begin work immediately in most cases. Click "Request Support" or use our Live Chat.

Request Support
There is a mobile optimized version of this page, view AMP Version.

Security is very on both sides of the table when it comes to websites and servers, for one it’s good for you as the server administrator as you and your clients are less likely to be compromised in any fashion, and of course it is something to boast about. This is also true for the client, however sometimes its even more important for the client if they are audited or require to be PCI complaint.

At WebDesires our servers come with full A+ Rating for SSL security through Qualys SSLLabs, and we thought we would make an article on how you as a server administrator can get your WHM cPanel server SSLLabs A+ Rated too.

 

Step 1:

In WHM go to: Home -> Service Configuration -> Apache Configuration -> Global Configuration

Make the following changes to the options:

SSL Cipher Suite:

ECDHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-SHA256:ECDHE-RSA-AES256-SHA:ECDHE-RSA-AES128-SHA:DHE-RSA-AES256-SHA256:DHE-RSA-AES128-SHA256:DHE-RSA-AES256-SHA:DHE-RSA-AES128-SHA:ECDHE-RSA-DES-CBC3-SHA:EDH-RSA-DES-CBC3-SHA:AES256-GCM-SHA384:AES128-GCM-SHA256:AES256-SHA256:AES128-SHA256:AES256-SHA:AES128-SHA:DES-CBC3-SHA:HIGH:!aNULL!eNULL:!EXPORT:!CAMELLIA:!DES:!MD5:!PSK:!RC4

SSL/TLS Protocols (Use best if you can but windows XP and IE6 will not be able to connect.):
(Best)
 All -SSLv2 -SSLv3 -TLSv1
(Compatibility) All -SSLv2 -SSLv3

LogLevel:
Warn

Trace Enable:
Off

Server Signature:
Off

Server Tokens:
Product Only

File ETag:
None

Make sure you click “save” then click “rebuild Configuration and Restart Apache”.

 

Step 2:

In WHM go to: Home -> Service Configuration -> Apache Configuration -> Include Editor

Under “Pre Main Include” select “All Versions” and an editor will appear.

Enter these 2 lines below:

Header always set Strict-Transport-Security "max-age=31536000; includeSubdomains;"
SSLHonorCipherOrder on

 

Finally click “update” and then click “Restart Apache”.

 

Step 3:

You should now have A+ Rating on Qualys SSLLabs.

Here is ours:

https://www.ssllabs.com/ssltest/analyze.html?d=server1.wdnode.com

 

Need Some Help? We are here for you!

We have a very friendly service - Come and chat to us and let us know what you need, we work for an hourly fee and can also provide you a no obligation quote and begin work immediately in most cases. Click "Request Support" or use our Live Chat.

Request Support

Author: Dean Williams

Professional PHP Web Developer with expertise in OpenCart Web Development, WordPress Web Development, Bespoke Systems - also a seasoned Linux Server Administrator.