The Truth about SSL Certificate

Friday, October 9, 2015

Discover the vulnerabilities behind SSL certificates and what is needed to fully protect your website.

Let’s say you purchased a Secure Socket Layer (SSL) certificate, created your Certificate Signing Request (CSR), uploaded the certificate to your server and you’re done, thinking that communication is encrypted and the server is fully secured. You see https:// and the green secure padlock in your browser and you’re pretty darn sure the setup was done right.

But guess what... it’s not.

So what’s missing?

SSL Endpoints

The term ‘endpoint’ in plain English refers to either of the two ends of a communication. An SSL endpoint is the interface a communicating party exposes on a communication channel. Checking SSL endpoints after installation is extremely important for vulnerability inspection and is arguably the most important aspect of security. If SSL endpoints are not configured correctly or are not using the most up-to-date security protocols, your organization could be at risk of a cyber attack.

How to check SSL Endpoints


DigiCert offers a tool called DigiCert Certificate Inspector to help diagnose and inspect the certificates installed on a server. Given the many known vulnerabilities associated with SSL (Heartbleed, POODLE, BEAST, BREACH, weak cipher suites, RC4), it is best to disable the affected protocols and cipher suites where possible.


Besides DigiCert’s free-to-use tool, Qualys Inc., a provider of cloud security, has developed a browser-based SSL Server Test that analyzes SSL web server deployments and identifies configuration issues.

Both tools are excellent: each gives your configuration a grade and provides details on the improvements to be made. DigiCert, however, also records your past scans to show the changes you have made over time.

As a precaution to ensure that your server is not vulnerable, you should aim for a grade of A or A+.
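The following Python checker is an added example, not part of the original post and not DigiCert’s or Qualys’ code: it scores an endpoint the way those scanners do, using a simplified rubric constructed here from the weaknesses listed above (SSLv3/POODLE, TLS 1.0 CBC/BEAST, RC4, compression/BREACH). The live probe needs network access; host and port are whatever you pass in.

```python
import socket
import ssl

# Rubric constructed for this example: settings mapped to the weaknesses the post names.
WEAK_PROTOCOLS = {"SSLv2": "obsolete", "SSLv3": "POODLE", "TLSv1": "BEAST (CBC ciphers)",
                  "TLSv1.1": "deprecated"}
WEAK_CIPHER_MARKERS = {"NULL": "no encryption", "EXPORT": "export-grade key",
                       "RC4": "RC4 keystream biases", "DES": "weak block cipher"}
FATAL = ("SSLv2", "SSLv3", "RC4", "NULL", "EXPORT")  # any of these alone earns an F


def grade_config(protocols, ciphers, compression=False):
    """Grade an endpoint from the protocol versions it accepts, the cipher suites
    it offers and whether TLS compression is enabled. Returns (grade, findings)."""
    findings = []
    for proto in protocols:
        if proto in WEAK_PROTOCOLS:
            findings.append(f"protocol {proto}: {WEAK_PROTOCOLS[proto]}")
    for suite in ciphers:
        for marker, why in WEAK_CIPHER_MARKERS.items():
            if marker in suite.upper():
                findings.append(f"cipher {suite}: {why}")
                break
    if compression:
        findings.append("compression: CRIME/BREACH-style plaintext leakage")
    modern = any(p in ("TLSv1.2", "TLSv1.3") for p in protocols)
    if not modern:
        findings.append("no TLS 1.2 or 1.3 offered")
    if not findings:
        return "A", findings
    fatal = not modern or any(tag in f for f in findings for tag in FATAL)
    return ("F" if fatal else "B"), findings


def accepted_protocols(host, port=443, timeout=5):
    """Live probe (needs network): attempt a handshake pinned to each TLS version
    and report which ones the server completes. Versions this OpenSSL build
    cannot speak (e.g. SSLv3) cannot be tested this way and are skipped."""
    accepted = []
    for ver in (ssl.TLSVersion.TLSv1, ssl.TLSVersion.TLSv1_1,
                ssl.TLSVersion.TLSv1_2, ssl.TLSVersion.TLSv1_3):
        ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
        ctx.check_hostname = False  # protocol support only; verify the certificate separately
        ctx.verify_mode = ssl.CERT_NONE
        try:
            ctx.minimum_version = ctx.maximum_version = ver
            with socket.create_connection((host, port), timeout=timeout) as sock:
                with ctx.wrap_socket(sock, server_hostname=host) as tls:
                    accepted.append(tls.version())
        except (ssl.SSLError, OSError, ValueError):
            continue
    return accepted
```

Feed the result of accepted_protocols() plus the cipher list from your server configuration into grade_config() to get a rough pass/fail before running the full scanners.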

Bonus Points for Support

That said, things are usually easier said than done, which is why having SSL support will come in handy. Certificate Authorities such as DigiCert offer 24/7 live chat support to answer questions you may have about SSL endpoint configuration. This speeds up the process of getting all vulnerabilities fixed, keeping your servers safe from man-in-the-middle (MITM) attacks in the shortest time possible.

What Now?

Cyber Secure Asia have been through the process outlined above and would like to share that SSL encryption is not a one-off process. Rather, endpoints need to be consistently monitored, inspected, deployed and updated throughout the lifetime of the certificate; only then will an SSL certificate provide complete security for your servers.
