I got TLS installed last week and it wasn’t the hardest thing to do. I have compiled some tips to try and smooth out your attempt.
This one messed with me for a bit because I totally forgot that my firewall was set to drop everything. If you get the following error in your browser, this tip is for you.
First off, take a look at your firewall rules:
matthew@Pineapple:~$ sudo iptables -L
Chain INPUT (policy DROP)
ACCEPT     tcp  --  anywhere             anywhere             tcp dpt:http
ACCEPT     tcp  --  anywhere             anywhere             tcp dpt:https
What you want is to have an https line in your rules. If you are missing the https line, use the following command to add it.
sudo iptables -A INPUT -p tcp -m tcp --dport 443 -j ACCEPT
And then you need to make sure you save it, so install the iptables-persistent package and save.
sudo apt-get install iptables-persistent
sudo /etc/init.d/iptables-persistent save
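The check described above can be scripted. This is an added example, not part of the original post: the function and sample names are hypothetical, and it goes one step beyond the policy DROP case by also catching a catch-all DROP or REJECT rule that sits ahead of the https rule, where appending with -A has no effect.

```shell
#!/bin/sh
# Added example. Reads `iptables -S INPUT` output on stdin and prints:
#   open | blocked-by-policy | blocked-by-rule
# Simplification: rules narrowed by source, interface, state, etc. and jumps
# to custom chains are skipped rather than evaluated.
https_verdict() {
    awk '
    $1 == "-P" && $2 == "INPUT" { policy = $3; next }
    $1 == "-A" && $2 == "INPUT" {
        proto = ""; port = ""; target = ""; narrowed = 0
        for (i = 3; i <= NF; i++) {
            if ($i == "-p") proto = $(++i)
            else if ($i == "-m") { if ($(++i) != "tcp") narrowed = 1 }
            else if ($i == "--dport") port = $(++i)
            else if ($i == "-j") { target = $(++i); break }
            else narrowed = 1
        }
        if (narrowed || (proto != "" && proto != "tcp" && proto != "all")) next
        if (port != "" && port != "443") next
        if (target == "ACCEPT") { print "open"; done = 1; exit }
        if (target == "DROP" || target == "REJECT") {
            print "blocked-by-rule"; done = 1; exit
        }
    }
    END { if (!done) print (policy == "ACCEPT" ? "open" : "blocked-by-policy") }
    '
}

# Prints the rule change to review and run with sudo (nothing is executed here).
fix_command() {
    rule="-p tcp -m tcp --dport 443 -j ACCEPT"
    case "$1" in
        open) echo "none" ;;
        blocked-by-policy) echo "iptables -A INPUT $rule" ;;  # the append used above
        blocked-by-rule) echo "iptables -I INPUT 1 $rule" ;;  # insert ahead of the drop
    esac
}

# Constructed rule sets (not captured from a real host).
SAMPLE_POLICY_DROP='-P INPUT DROP
-A INPUT -p tcp -m tcp --dport 80 -j ACCEPT'
SAMPLE_CATCHALL='-P INPUT ACCEPT
-A INPUT -p tcp -m tcp --dport 22 -j ACCEPT
-A INPUT -j REJECT --reject-with icmp-host-prohibited
-A INPUT -p tcp -m tcp --dport 443 -j ACCEPT'

for sample in "$SAMPLE_POLICY_DROP" "$SAMPLE_CATCHALL"; do
    verdict=$(printf '%s\n' "$sample" | https_verdict)
    echo "$verdict -> $(fix_command "$verdict")"
done
```

On a live host, feed it the real chain with `sudo iptables -S INPUT | https_verdict`.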
Mozilla has built an awesome tool for getting your web server configured with the best security. These configurations are tested by the community and if you spot a problem, you can submit a pull request for changes.
I used the SSL Server Test by Qualys to religiously test my configuration. Shoot for a score of A if your certificate is from a governing body, or an "If trust issues are ignored: A" rating if you created the certificate yourself.