RE: Secure Sentora Login with Let's Encrypt
01-31-2016, 07:02 PM
(This post was last modified: 01-31-2016, 07:05 PM by denellum.)
Just want to help add more security and get an A+ ranking on the following SSL cert testing site https://www.ssllabs.com/ssltest on a CentOS 7 server :
Credit to the guys that helped with this : https://cipherli.st/
The first part of the guide will require you to configure some things via SSH, so go ahead and log into your server via SSH.
Edit ssl.conf :
Find LogLevel warn
add after:
Search for SSLProtocol all -SSLv2 :
Replace it with it commented out :
Search for SSLCipherSuite HIGH:MEDIUM:!aNULL:!MD5:!SEED:!IDEA :
Replace it with it commented out :
Now simply go back to your control panel and go to : admin > Module Admin > Apache Config > Global Sentora Entry
Add the following AFTER your SSL certs :
Go back to your server and run a quick reset and update the daemon :
Now test your domain over at SSLlabs :
https://www.ssllabs.com/ssltest/
Credit to the guys that helped with this : https://cipherli.st/
The first part of the guide will require you to configure some things via SSH, so go ahead and log into your server via SSH.
Edit ssl.conf :
Code:
vi /etc/httpd/conf.d/ssl.conf
Find LogLevel warn
Code:
/LogLevel warn
add after:
Code:
#https://cipherli.st/
SSLCipherSuite EECDH+AESGCM:EDH+AESGCM:AES256+EECDH:AES256+EDH
SSLProtocol All -SSLv2 -SSLv3
SSLHonorCipherOrder On
Header always set Strict-Transport-Security "max-age=63072000; includeSubdomains; preload"
Header always set X-Frame-Options DENY
Header always set X-Content-Type-Options nosniff
# Keeping bellow for future upgrades.
# Requires Apache >= 2.4
off
Off
on
"shmcb:logs/stapling-cache(150000)"
Search for SSLProtocol all -SSLv2 :
Code:
/SSLProtocol all -SSLv2
Replace it with it commented out :
Code:
all -SSLv2
Search for SSLCipherSuite HIGH:MEDIUM:!aNULL:!MD5:!SEED:!IDEA :
Code:
/SSLCipherSuite HIGH:MEDIUM:!aNULL:!MD5:!SEED:!IDEA
Replace it with it commented out :
Code:
HIGH:MEDIUM:!aNULL:!MD5:!SEED:!IDEA
Now simply go back to your control panel and go to : admin > Module Admin > Apache Config > Global Sentora Entry
Add the following AFTER your SSL certs :
Code:
SSLCipherSuite EECDH+AESGCM:EDH+AESGCM:AES256+EECDH:AES256+EDH
SSLProtocol All -SSLv2 -SSLv3
SSLHonorCipherOrder On
Header always set Strict-Transport-Security "max-age=63072000; includeSubdomains; preload"
Header always set X-Frame-Options DENY
Header always set X-Content-Type-Options nosniff
# Keeping bellow for future upgrades.
# Requires Apache >= 2.4
off
Off
on
"shmcb:logs/stapling-cache(150000)"
Go back to your server and run a quick reset and update the daemon :
Code:
php -q /etc/sentora/panel/bin/daemon.php && service httpd restart
Now test your domain over at SSLlabs :
https://www.ssllabs.com/ssltest/