Improving Web Application Security: Threats and Countermeasures
If your Web application supports HTTPS (SSL) over port 443, you must install a server certificate. This is required as part of the session negotiation process that occurs when a client establishes a secure HTTPS session.
A valid certificate provides secure authentication so that a client can trust the server it is communicating with, and secure communication so that sensitive data remains confidential and tamperproof over the network.
During this step, you validate your server certificate.
Validate Your Server Certificate
Check the following four items to confirm the validity of your Web server certificate:
-
Check that the valid from and valid to dates are in range.
-
Check that the certificate is being used correctly. If it was issued as a server certificate it should not be used for e-mail.
-
Check that the public keys in the certificate chain are all valid up to a trusted root.
-
Check that it has not been revoked . It must not be on a Certificate Revocation List (CRL) from the server that issued the certificate.
Категории