SSL Labs has created an SSL/TLS Deployment Best Practices guide. The guide contains valuable information on how to deploy SSL in your environment.
The data from SSL Pulse shows us there are plenty of SSL implementations that could be executed more securely. These problems are not from the CA, the certificate, the browser or the server. These problems are from the user not deploying the server properly.
Here are some notes from the guide that could help:
- Renew SSL certificates every year to help protect your private keys
- Wildcard certificates are generally best avoided
- Criteria for choosing a reliable Certification Authority (CA)
- Enforce SSL encryption throughout your website — no exceptions
- Deploy HTTP Strict transport Security (HSTS)
I recommend the guide to help learn how you can deploy your webserver more securely.
