Monday, May 14, 2018

How to get an A+ for your HTTPS websites from SSL Labs

We explored DNS CAA records for certificates in a past blog post.


Another sure way to increase your SSL Labs score is to enable HPKP (HTTP Public Key Pinning). The process is simple to set up: if you can inject the HTTP header "Public-Key-Pins:" carrying the pin, you can increase the comfort level within the browser.

Here's a typical A+ score as seen on SSL Labs for a website I recently built.

I'm going to focus on HPKP pinning.

First, finding your HTTPS site's public key is quite simple.


openssl s_client -connect yoursite.example:443 -servername yoursite.example </dev/null 2>/dev/null | openssl x509 -noout -pubkey > yoursitepub.key

(Replace yoursite.example with your own hostname; -servername sends SNI so you get the right certificate, and </dev/null closes the connection once the handshake is done.)

The above command will create a file with the following content (the PEM-encoded public key):

Alternatively, you can use the quick HPKP calculator ;)
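The pin itself is the base64 of the SHA-256 over the DER-encoded public key inside that file, and the header must carry at least two pins (a live one and an offline backup). The following Python is an added example, not code from the original post: the SPKI bytes are constructed placeholders rather than real keys, and the max-age and report-uri values are assumed.

```python
import base64
import hashlib
import re

def spki_pin_from_der(der: bytes) -> str:
    """HPKP pin: base64(SHA-256(DER SubjectPublicKeyInfo)), per RFC 7469."""
    return base64.b64encode(hashlib.sha256(der).digest()).decode()

def spki_pin_from_pem(pem: str) -> str:
    """Pin for a PEM public key such as the yoursitepub.key written by openssl."""
    body = re.sub(r"-----(BEGIN|END) PUBLIC KEY-----", "", pem)
    return spki_pin_from_der(base64.b64decode("".join(body.split())))

def build_hpkp_header(pins, max_age, include_subdomains=False, report_uri=None):
    """Assemble a Public-Key-Pins value. RFC 7469 requires at least two distinct
    pins (the second is a backup key kept offline), so a single-pin header is refused."""
    if len(set(pins)) < 2:
        raise ValueError("HPKP needs a backup pin; browsers ignore single-pin headers")
    parts = [f'pin-sha256="{p}"' for p in pins] + [f"max-age={max_age}"]
    if include_subdomains:
        parts.append("includeSubDomains")
    if report_uri:
        parts.append(f'report-uri="{report_uri}"')
    return "; ".join(parts)

def parse_hpkp_header(value):
    """Split a Public-Key-Pins value into (pins, directives) to inspect what a site sends."""
    pins, directives = [], {}
    for directive in value.split(";"):
        name, _, val = directive.strip().partition("=")
        if not name:
            continue
        val = val.strip().strip('"')
        if name.lower() == "pin-sha256":
            pins.append(val)
        else:
            directives[name] = val or True
    return pins, directives

# Constructed placeholders standing in for real DER-encoded keys (not valid keys;
# only the pin arithmetic and the header layout are demonstrated here).
LEAF_DER = b"constructed-leaf-spki-der-bytes-for-demo-only"
BACKUP_DER = b"constructed-backup-spki-der-bytes-for-demo-only"
LEAF_PEM = ("-----BEGIN PUBLIC KEY-----\n"
            + base64.encodebytes(LEAF_DER).decode()
            + "-----END PUBLIC KEY-----\n")

if __name__ == "__main__":
    header = build_hpkp_header([spki_pin_from_pem(LEAF_PEM), spki_pin_from_der(BACKUP_DER)],
                               max_age=5184000, include_subdomains=True)
    print("Public-Key-Pins:", header)
    print(parse_hpkp_header(header))
```

Feed the real yoursitepub.key to spki_pin_from_pem and a separately generated, offline backup key for the second pin; without that backup a lost or rotated key locks visitors out for the whole max-age.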

Helpful tools


On an F5, you can apply a public key pin within an LTM policy.

Now keep in mind that Google has deprecated HPKP in a recent announcement and refers to the Expect-CT header instead.



NSE ( network security expert) and Route/Switching Engineer
kfelix  -----a----t---- socpuppets ---dot---com
     ^      ^
=(  @  @ )=
        /  \
