Thursday, July 13, 2017

How to get A+ on SSL Labs running Tomcat

In my previous posting, we brought our Tomcat server to Grade A on SSL Labs.
However, achieving A+ requires more.

You need to enable HSTS. You can follow this post to enable HSTS.

One problem I encountered with SSL Labs is SNI. If we run the test under the default domain, the HSTS test works. But if we run it under other domains, the HSTS test will fail. So you end up with Grade A instead of A+.

So make sure you test it using your default domain.
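To see which hostnames on the server actually return the HSTS header, the added example below (not code from the original post) requests each name with its own SNI and grades the `Strict-Transport-Security` value it gets back. The 180-day `MIN_MAX_AGE` threshold and the function names are assumptions made for the example.

```python
import http.client
import ssl
import sys

# Assumption: treat anything under 180 days as too short; adjust to your target.
MIN_MAX_AGE = 180 * 24 * 3600

def parse_hsts(value):
    """Parse a Strict-Transport-Security value (RFC 6797); None if unusable."""
    if not value:
        return None
    directives = {}
    for part in value.split(";"):
        part = part.strip()
        if not part:
            continue
        name, _, arg = part.partition("=")
        name = name.strip().lower()          # directive names are case-insensitive
        if name in directives:
            return None                      # a directive may appear only once
        directives[name] = arg.strip().strip('"')
    max_age = directives.get("max-age", "")
    if not (max_age.isascii() and max_age.isdigit()):
        return None                          # max-age is the one required directive
    directives["max-age"] = int(max_age)
    return directives

def grade_hsts(value, min_age=MIN_MAX_AGE):
    """Classify a header value as 'ok', 'too-short' or 'missing-or-invalid'."""
    parsed = parse_hsts(value)
    if parsed is None:
        return "missing-or-invalid"
    return "ok" if parsed["max-age"] >= min_age else "too-short"

def fetch_hsts(hostname, port=443, timeout=10):
    """HEAD / over TLS; http.client sends `hostname` as both SNI and Host."""
    conn = http.client.HTTPSConnection(
        hostname, port, context=ssl.create_default_context(), timeout=timeout)
    try:
        conn.request("HEAD", "/")
        headers = conn.getresponse().headers.get_all("Strict-Transport-Security")
    finally:
        conn.close()
    return headers[0] if headers else None   # only the first header field counts

if __name__ == "__main__":
    # Usage: python check_hsts.py default.example.com other.example.com
    for host in sys.argv[1:]:
        print(f"{host}: {grade_hsts(fetch_hsts(host))}")
```

A hostname that reports `missing-or-invalid` while the default domain reports `ok` matches the situation described above.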
