Skip to main content

vast limits GmbH and uberAgent are now part of Citrix, a business unit of Cloud Software Group. Learn more at


Configuring for an A+ SSL Security Rating

  • by Helge Klein
  • November 24, 2016

Securing all communications on the internet becomes increasingly important. We switched all our sites to HTTPS only years ago, but simply enabling HTTPS is not enough, of course. The configuration needs to be carefully fine-tuned in order to really be secure.

Qualys Labs SSL Server Test

A great way to check a website’s SSL/TLS configuration is the Qualys Labs SSL server test. With recent improvements and a brand-new certificate from Digicert we are very happy about the A+ rating for in that test.


Webserver Configuration

In case you are interested in the webserver’s configuration: Helge explains how to setup and configure a secure webserver for WordPress in this blog post. The article includes detailed SSL/TLS configuration instructions. Some key points to remember:

  • Disable SSLv2 and SSLv3: those protocols are old and have security issues. Every existing browser supports at least one variant of TLS, so there is no reason to keep SSL enabled.
  • Use the optimal SSLCipherSuite string: many different encryption algorithms are available for HTTPS/TLS. While we want to make sure older devices are supported, too, we want to use the strongest possible encryption with every device. That is why not only the content but also the order of the cipher suites is important.
  • Enable HTTP Strict Transport Security (HSTS): this tells the browser to only use encrypted connections for a website and never even try unencrytped HTTP.
  • Set a content security policy: this configures where website content may be loaded from.

Free Certificates from Let’s Encrypt

Webserver certificates have been quite expensive traditionally. The associated cost is by far the most important reason why most sites’ admins did not bother offering HTTPS. However, people’s mindsets are changing and security is being considered more and more important. A very welcome recent development is the creation of Let’s Encrypt, a free, automated and open certificate authority.

There really isn’t any reason anymore not to switch your site to HTTPS only.

About uberAgent

The uberAgent product family offers innovative digital employee experience monitoring and endpoint security analytics for Windows and macOS.

uberAgent UXM highlights include detailed information about boot and logon duration, application unresponsiveness detection, network reliability drill-downs, process startup duration, application usage metering, browser performance, web app metrics, and Citrix insights. All these varied aspects of system performance and reliability are smartly brought together in the Experience Score dashboard.

uberAgent ESA excels with a sophisticated Threat Detection Engine, endpoint security & compliance rating, the uAQL query language, detection of risky activity, DNS query monitoring, hash calculation, registry monitoring, and Authenticode signature verification. uberAgent ESA comes with Sysmon and Sigma rule converters, a graphical rule editor, and uses a simple yet powerful query language instead of XML.

About vast limits

vast limits GmbH is the company behind uberAgent, the innovative digital employee experience monitoring and endpoint security analytics product. vast limits’ customer list includes organizations from industries like finance, healthcare, professional services, and education, ranging from medium-sized businesses to global enterprises. vast limits’ network of qualified solution partners ensures best-in-class service and support anywhere in the world.


Your email address will not be published. Required fields are marked *