Adventures With TLS
I got TLS installed last week and it wasn’t the hardest thing to do. I have compiled some tips to try and smooth out your attempt.
Put a hole in your firewall
This one messed with me for a bit because I totally forgot that my firewall was set to drop everything. If your browser just hangs and eventually times out when you try the https URL (a DROP policy silently discards the packets rather than rejecting them, so you get no connection-refused error), this tip is for you.
First off, take a look at your current rules:
matthew@Pineapple:~$ sudo iptables -L
Chain INPUT (policy DROP)
ACCEPT     tcp  --  anywhere             anywhere             tcp dpt:http
ACCEPT     tcp  --  anywhere             anywhere             tcp dpt:https
What you want is an https line in your INPUT rules, as in the listing above. If you are missing the https line, use the following command to add it. Note that it appends the rule to the end of the chain, which is fine when the chain ends with the default DROP policy; if your chain already ends with an explicit DROP or REJECT rule, insert the new rule above that rule instead, or it will never be reached. If the host also listens on IPv6, remember that ip6tables keeps a separate rule set that needs the same treatment.
sudo iptables -A INPUT -p tcp -m tcp --dport 443 -j ACCEPT
Then make sure the rule survives a reboot: install the iptables-persistent
package and save the running rules.
sudo apt-get install iptables-persistent
sudo /etc/init.d/iptables-persistent save
On newer Debian and Ubuntu releases the package installs the netfilter-persistent service instead, and its save command replaces the init script invocation above.
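The steps above as one idempotent script, added here as an example and not part of the original post. It checks for the rule with iptables' -C option before adding it, inserts at the top of the chain so a trailing reject rule cannot shadow it, covers ip6tables as well, and saves with whichever persistence command the box has. The functions that read a rule listing are exercised on a constructed copy of `iptables -S INPUT` output; nothing is changed unless the script is run as root with the argument "apply".

```shell
#!/bin/sh
# Added example, not from the original post. Assumes iptables/ip6tables with the
# -C (check) option and the iptables-persistent package. Nothing is changed
# unless the script is run as root with the single argument "apply".

# Constructed copy of `iptables -S INPUT` output for a box like the one in the
# post (default DROP, http and https already allowed). Used only for the demo.
SAMPLE_LISTING='-P INPUT DROP
-A INPUT -p tcp -m tcp --dport 80 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 443 -j ACCEPT'

# Print the INPUT chain policy (ACCEPT/DROP) from a `-S INPUT` listing on stdin.
input_policy() {
    sed -n 's/^-P INPUT \([A-Z]*\).*/\1/p' | head -n 1
}

# Succeed if a `-S INPUT` listing on stdin already accepts TCP port 443.
has_https_accept() {
    grep -Eq '^-A INPUT .*-p tcp .*--dport (443|https) .*-j ACCEPT'
}

# Read a `-S INPUT` listing on stdin and say whether https traffic gets in:
# exit 0 if the policy is ACCEPT or an ACCEPT rule for TCP 443 exists, else 1.
audit_listing() {
    listing=$(cat)
    policy=$(printf '%s\n' "$listing" | input_policy)
    if printf '%s\n' "$listing" | has_https_accept; then
        echo "policy $policy, https: allowed by rule"
        return 0
    elif [ "$policy" = "ACCEPT" ]; then
        echo "policy ACCEPT, https: allowed by default policy"
        return 0
    fi
    echo "policy $policy, https: blocked"
    return 1
}

# Check for the https ACCEPT rule with -C and, if it is missing, insert it at
# the top of the chain with -I so a trailing DROP/REJECT rule cannot shadow it.
# Takes the tool name (iptables or ip6tables).
ensure_https_rule() {
    tool=$1
    if "$tool" -C INPUT -p tcp -m tcp --dport 443 -j ACCEPT 2>/dev/null; then
        echo "$tool: https rule already present"
    else
        "$tool" -I INPUT -p tcp -m tcp --dport 443 -j ACCEPT
        echo "$tool: https rule inserted"
    fi
}

if [ "${1:-}" = "apply" ]; then
    for tool in iptables ip6tables; do
        ensure_https_rule "$tool"
        "$tool" -S INPUT | audit_listing
    done
    # Persist: newer Debian/Ubuntu ship netfilter-persistent, older ones the init script.
    if command -v netfilter-persistent >/dev/null 2>&1; then
        netfilter-persistent save
    else
        /etc/init.d/iptables-persistent save
    fi
fi
```

Run it as `sudo sh firewall-https.sh apply`; run it without arguments (or pipe a saved listing into audit_listing) to inspect without touching anything.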
Use tested configurations
Mozilla has built an awesome tool, the SSL Configuration Generator, for getting your web server configured with sound TLS settings: pick your server software and a profile (modern, intermediate or old, depending on how old the clients you need to support are) and it emits the matching configuration. These configurations are tested by the community, and if you spot a problem you can submit a pull request for changes.
Run a quality check
I used the SSL Server Test by Qualys to religiously test my configuration. Shoot for a score of A if your certificate comes from a publicly trusted certificate authority, or for an "If trust issues are ignored: A" rating if you created the certificate yourself: the test cannot validate a self-signed certificate, so it reports the grade it would give once trust is set aside. Note that the test needs a hostname reachable from the internet, so it will not work for a server that only listens on your LAN.
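For servers the Qualys test cannot reach, or to sanity-check between scans, here is an added example of a local probe with the openssl command-line client. It is not from the original post. It assumes an OpenSSL build that still offers the -tls1 and -tls1_1 flags (a build with those protocols compiled out "refuses" them for the wrong reason) and a 1.1.1 or newer client for -tls1_3. The output parsers are demonstrated on constructed s_client output so they can be checked offline.

```shell
#!/bin/sh
# Added example, not from the original post. Assumes the openssl CLI.
# Usage: sh tlscheck.sh example.com [443]

# Pull the negotiated protocol out of s_client output on stdin, e.g. "TLSv1.3".
negotiated_protocol() {
    sed -n 's/^ *Protocol *: *\(TLSv[0-9._]*\).*/\1/p' | head -n 1
}

# Pull the numeric verify result: 0 means the chain validated against the
# system trust store; 18 is a self-signed leaf, 19 a self-signed CA in the chain.
verify_code() {
    sed -n 's/^Verify return code: \([0-9]*\).*/\1/p' | head -n 1
}

# Handshake once with the given protocol flag; stdout is the s_client output and
# the exit status is non-zero when the handshake fails. stdin is /dev/null so
# s_client exits as soon as the handshake is done.
probe() {
    host=$1; port=$2; flag=$3
    openssl s_client -connect "$host:$port" -servername "$host" "$flag" </dev/null 2>/dev/null
}

# Constructed sample of s_client output, used to demonstrate the parsers offline.
SAMPLE_OUTPUT='New, TLSv1.3, Cipher is TLS_AES_256_GCM_SHA384
Verify return code: 0 (ok)
---
SSL-Session:
    Protocol  : TLSv1.3
    Cipher    : TLS_AES_256_GCM_SHA384'

if [ -n "${1:-}" ]; then
    host=$1; port=${2:-443}
    # Legacy protocols must be refused outright.
    for flag in -tls1 -tls1_1; do
        if probe "$host" "$port" "$flag" >/dev/null; then
            echo "FAIL: server accepted $flag"
        else
            echo "ok:   server refused $flag"
        fi
    done
    # Current protocols must negotiate, and the chain should validate (code 0).
    for flag in -tls1_2 -tls1_3; do
        if out=$(probe "$host" "$port" "$flag"); then
            proto=$(printf '%s\n' "$out" | negotiated_protocol)
            code=$(printf '%s\n' "$out" | verify_code)
            echo "ok:   negotiated $proto, verify code ${code:-?}"
        else
            echo "FAIL: could not negotiate with $flag"
        fi
    done
fi
```

A verify code of 18 on your own self-signed certificate is the command-line counterpart of the "If trust issues are ignored" grade; anything else non-zero on a CA-issued certificate usually means the intermediate certificate is missing from the chain the server sends.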