After installing the SSL certificate on the Nginx web server, you need to check if it is installed correctly.
I installed the SSL certificate two months ago. The Sectigo ECC certificate.
Now I change the certificate files.
Previously, I put the site SSL certificate file content and the SSL-bundle file altogether. The final SSL certificate file is 4.36KB. It includes three certificates. The guide is from Comodo official site. Sectigo site has a similar guide here.
Now, I remove the last one. Just keep the site certificate and the middle one. Total size is 3.01KB.
The certificate I deleted from the old file is for USERTrust ECC Certification Authority. It is already included in the Trusted Root CA list.
Then, I tested the new certificate file, which has two certificates only, on different online SSL checking tools.
It is 2016, your website must be SSL encrypted. Now, you have questions, how about my server and how about my SSL installation? This is the answer to this question. You must try these five free tools to test, check, analyse your https website.
It is an SSL checker. Enter server hostname and click check SSL button. It will give you the brief results, including server type, certificate CA, expiration day, etc.
No.2 Symantec CryptoReport
It is a powerful tool with good design. The result is more and it is the only one can tell you how many certificates installed. Look at below, the report said, I have RSA and ECC certificates installed. The report
The report has following information:
Certificate is installed correctly.
Certificate chain installation part.
Server configuration:(Server type, IP, Port, Protocols, Cipher suites, etc.)
Now my Blog, David Yin Blog is https encrypted . And it is also HSTS enabled. And latest, it is HSTS preload enabled.
It has three layers meaning.
HSTS preload enabled.
Let me explain them one by one.
First, add https support. I did this step on Feb. 2016, when I announced that SSL added. I recorded how I get the SSL certificate and install it on Nginx web server.
After that, all content send back and force from my Blog to an audience is encrypted. Even ISP can not read the content from the data traffic.
Second, I add the HSTS into the Nginx configuration, to make it more secure.
What is HSTS?
HTTP Strict Transport Security (HSTS) is a web security policy mechanism which helps to protect websites against protocol downgrade attacks and cookie hijacking. It allows web servers to declare that web browsers (or other complying user agents) should only interact with it using secure HTTPS connections, and never via the insecure HTTP protocol. HSTS is an IETFstandards track protocol and is specified in RFC 6797