Essential Guide to Testing SSL Certificates for Websites
Chapter 1: Understanding SSL Certificates
Have you ever questioned whether your website is equipped with the latest security features, including an active SSL Certificate? You can now put those doubts to rest. A user-friendly online tool makes it easy to check your SSL status.
Qualys.com offers a service called SSL Labs that allows you to evaluate any website's SSL configuration for free. To get started, simply visit the following link:
SSL Server Test (ssllabs.com): This online service conducts an in-depth analysis of the SSL setup for any publicly accessible web server...
Once you input your website’s URL or domain name and hit Submit, you’ll receive a wealth of valuable information. It's advisable to check the option "Do not show the results on the boards" to avoid appearing on lists that could attract hackers, especially if your rating isn't favorable.
The Challenge
Many of us rely on our hosting or service providers to keep our SSL Certificates current. An expired SSL Certificate can lead to browser incompatibilities and pose significant security risks. Depending on the type of Certificate you possess, your site might be vulnerable to various attacks. Later sections will outline specific vulnerabilities and help you determine your site's safety.
However, this tool can quickly inform you whether your site is secure and up to date. You'll also find out when your certificate is set to expire, allowing you to plan accordingly or alert your service provider to ensure timely renewal.
The Solution
Photo Credit: From the Qualys website listed above — a dynamic response to the test of my website.
The summary indicates that this server supports TLS 1.3, the most advanced and secure version available, which also offers improved speed compared to older versions, as noted in this article by Cloudflare. Released in 2018, TLS 1.3 remains the latest version.
Another critical area where many sites fall short is CAA (Certification Authority Authorization), mandated by the CA/Browser Forum. Introduced in RFC 6844 in 2013, this framework aims to strengthen Public Key Infrastructure (PKI) by restricting which Certificate Authorities (CAs) can issue certificates for a given domain. Clicking the link in the report will provide further insights.
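To make the CAA rule concrete, here is an added example (not from the original article or from Qualys) of the decision a CA makes from a domain's CAA records under RFC 6844. The zone data and CA names are constructed, and alias (CNAME/DNAME) handling is left out as a simplification.

```python
# Added example: simplified RFC 6844 CAA check. All records and CA names are constructed.
KNOWN_TAGS = {"issue", "issuewild", "iodef"}

# Constructed DNS data: name -> list of (flags, tag, value) CAA records.
ZONE = {
    "example.com": [(0, "issue", "ca-one.example"),
                    (0, "issuewild", ";"),
                    (0, "iodef", "mailto:security@example.com")],
    "locked.example.com": [(0, "issue", ";")],
    "odd.example.com": [(128, "futuretag", "x")],
}

def relevant_rrset(domain, zone):
    """Climb from the domain toward the root; the first non-empty CAA set wins."""
    labels = domain.lower().rstrip(".").split(".")
    for i in range(len(labels)):
        records = zone.get(".".join(labels[i:]))
        if records:
            return records
    return []

def may_issue(ca, name, zone=ZONE):
    """Return True if CA `ca` may issue for `name` (which may start with '*.')."""
    wildcard = name.startswith("*.")
    records = relevant_rrset(name[2:] if wildcard else name, zone)
    # An unrecognized tag with the critical bit (128) set blocks issuance.
    if any(flags & 128 and tag.lower() not in KNOWN_TAGS for flags, tag, _ in records):
        return False

    def values_for(wanted):
        return [value for _, tag, value in records if tag.lower() == wanted]

    # Wildcard requests use issuewild when present, otherwise fall back to issue.
    values = (values_for("issuewild") if wildcard else []) or values_for("issue")
    if not values:
        return True  # no issue/issuewild property: CAA does not restrict issuance
    # The issuer domain is the part before any ';' parameters; ';' alone names nobody.
    issuers = {value.split(";", 1)[0].strip().lower() for value in values}
    return ca.lower() in issuers - {""}
```

A domain with no CAA records anywhere up the tree leaves issuance open to every CA, which is why the report flags a missing record.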
Configuration Insights
The report reveals whether your site allows backward compatibility with older SSL versions. This is crucial, as several attacks exploit weaknesses in outdated SSL protocols. My results confirmed that my site does not support any version earlier than TLS 1.2, which is ideal.
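The expiry date and the protocol-version rows of the report can be cross-checked from your own machine, which also works for hosts the online test cannot reach. This is an added example using Python's standard ssl module, not part of the original article; the host name is whatever you pass on the command line, and the sample date in the comment is constructed.

```python
# Added example: local cross-check of certificate expiry and accepted TLS versions.
import socket
import ssl
import sys
from datetime import datetime, timezone

def days_left(not_after, now=None):
    """Whole days until notAfter (OpenSSL text form, e.g. 'Jan 15 09:34:43 2030 GMT')."""
    expires = datetime.fromtimestamp(ssl.cert_time_to_seconds(not_after), timezone.utc)
    now = now or datetime.now(timezone.utc)
    return (expires - now).days  # negative once the certificate has expired

def probe(host, port=443, timeout=5):
    """Handshake with full verification; report negotiated protocol and days left."""
    ctx = ssl.create_default_context()
    with socket.create_connection((host, port), timeout=timeout) as raw:
        with ctx.wrap_socket(raw, server_hostname=host) as tls:
            cert = tls.getpeercert()
            return {"protocol": tls.version(), "days_left": days_left(cert["notAfter"])}

def accepts(host, version, port=443, timeout=5):
    """True if the server completes a handshake pinned to exactly `version`.

    Caveat: a False for TLS 1.0/1.1 can also mean the local OpenSSL build
    refuses that version itself, so confirm it against the online report.
    """
    ctx = ssl.create_default_context()
    ctx.minimum_version = ctx.maximum_version = version
    try:
        with socket.create_connection((host, port), timeout=timeout) as raw:
            with ctx.wrap_socket(raw, server_hostname=host):
                return True
    except OSError:  # ssl.SSLError is a subclass of OSError
        return False

if __name__ == "__main__" and len(sys.argv) > 1:
    print(probe(sys.argv[1]))
    for v in (ssl.TLSVersion.TLSv1, ssl.TLSVersion.TLSv1_1,
              ssl.TLSVersion.TLSv1_2, ssl.TLSVersion.TLSv1_3):
        print(v.name, accepts(sys.argv[1], v))
```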
The report also lists the Cipher Suites supported by your site. According to Wikipedia, a Cipher Suite is a set of algorithms that secure a network connection using TLS. While it may seem complex, cipher experts likely appreciate this detailed information.
Browser Compatibility
The subsequent section simulates handshakes between your site and numerous browsers globally. It indicates which browsers your site supports and which it does not. A lack of support for older browsers is not always negative, as they may harbor security vulnerabilities that have been rectified in newer versions. For example, Internet Explorer version 11 on Win Phone 8.1 failed, while the 8.1 Update passed, likely due to vulnerabilities that necessitate browser upgrades.
Identifying Vulnerabilities
Finally, one of the most impressive features of this tool is its ability to highlight common vulnerabilities and attacks that may target your website. It provides crucial information regarding whether your site is susceptible to specific threats like DROWN, POODLE, BEAST, Heartbeat, and Heartbleed. For instance, it confirmed that my site is not vulnerable to any versions of the POODLE attack, primarily because it supports only TLS 1.2 or higher. Most vulnerabilities identified in the report are older and can be mitigated with an up-to-date TLS version.
If you haven't added this website to your toolkit for security assessments, it's a simple yet effective resource. And the best part? It's free! I would gladly pay for such a comprehensive report; it's that valuable.
Thank you for taking the time to read this article. Please share any other security topics you would like to see discussed, and feel free to connect with me on social media.
Chapter 2: Additional Resources for SSL Testing
Discover how to check if your website has an SSL certificate installed and learn the significance of HTTPS.
Understand what SSL security is, how it functions, and how to effectively test it on your website.