SSL/TLS Configuration Checklist

All verification points for an optimal HTTPS configuration.

A poorly configured SSL certificate can be worse than no certificate at all: browser warnings, mixed content errors, or security vulnerabilities.

This checklist covers all essential points to verify before and after SSL deployment.

Use it as a pre-production verification or for auditing your existing configuration.

Obtention du Certificat

Première étape : obtenir le bon certificat :

  • Choisir le type de certificat adapté (DV, OV, EV, Wildcard)
  • Générer une clé privée sécurisée (RSA 2048+ ou ECDSA)
  • Créer le CSR (Certificate Signing Request)
  • Valider la propriété du domaine
  • Télécharger le certificat et la chaîne intermédiaire

Server Configuration

Technical settings for optimal security:

  • Installer le certificat sur le serveur web
  • Configurer la chaîne de certificats complète
  • Activer la redirection HTTP vers HTTPS
  • Configurer les protocoles TLS (désactiver TLS 1.0/1.1)
  • Choisir des cipher suites sécurisées

Sécurité Avancée

Renforcer la sécurité :

  • Activer HSTS (après tests complets)
  • Configurer OCSP Stapling
  • Ajouter l'enregistrement CAA en DNS
  • Vérifier le score SSL Labs (viser A+)

Monitoring SSL

Surveiller vos certificats :

  • Configurer le monitoring d'expiration (alerte 30/14/7 jours)
  • Surveiller la validité de la chaîne
  • Alerter sur les erreurs SSL
  • Documenter la date de renouvellement

Frequently Asked Questions

How often should I run this checklist?

At every certificate renewal, after any server configuration change, and proactively every quarter.

My certificate is valid but the browser shows a warning?

Likely an incomplete intermediate chain issue. Use SSL Labs to diagnose.

What SSL Labs score should I aim for?

A+ is ideal. A is acceptable. Anything below B indicates significant issues to fix.

How do I automate this verification?

MoniTao monitors your SSL certificates continuously and alerts you before expiration or in case of configuration issues.

Never Neglect SSL

An optimal SSL configuration protects your users and strengthens your SEO. Google favors sites with valid, well-configured HTTPS.

With MoniTao, you are automatically alerted before certificate expiration and in case of detected anomalies.

Useful Links

Ready to Sleep Soundly?

Start free, no credit card required.

Create My Account See pricing