Services

AI & Agentic Systems Core Information Systems Cloud & Platform Engineering Data Platform & Integration Security & Compliance QA, Testing & Observability IoT, Automation & Robotics Mobile & Digital

Industries

Banking & Finance Insurance Public Administration Defense & Security Healthcare Energy & Utilities Telco & Media Manufacturing Logistics & E-commerce Retail & Loyalty

References Technologies

Lab

Blog Know-how Tools

About Collaboration Careers

CS EN DE

SSL/TLS checklist

03. 08. 2024 Updated: 24. 03. 2026 1 min read intermediate

HTTPS is the foundation. But is your TLS configuration truly secure?

Certificate¶

☐ Valid certificate (no self-signed in production)
☐ Automatic renewal (Let’s Encrypt + certbot)
☐ Certificate chain complete
☐ Wildcard or SAN for subdomains

Protocols¶

☐ TLS 1.2 minimum
☐ TLS 1.3 preferred
☐ SSL 2.0/3.0 and TLS 1.0/1.1 DISABLED
☐ Strong cipher suites
☐ Forward secrecy (ECDHE)

Headers¶

☐ HSTS (Strict-Transport-Security)
☐ HTTP → HTTPS redirect
☐ HSTS preload (optional)
☐ Expect-CT (deprecated, but still useful)

Testing¶

☐ SSL Labs test (A+ rating)
☐ Certificate expiry monitoring
☐ Mixed content check
☐ OCSP stapling working

Automation¶

Let’s Encrypt + certbot –renew = no expired certificates.

ssltlssecurity

Share:

CORE SYSTEMS team

We build core systems and AI agents that keep operations running. 15 years of experience with enterprise IT.

All articles

More know-how

SSL/TLS certificates in Java applications

Managing SSL certificates in Java keystores. Keytool, truststore, mutual TLS and common HTTPS problems.

SSL/TLS Configuration — Secure HTTPS

Proper TLS 1.3 configuration, cipher suites, certificates.

Let's Encrypt: Free SSL Certificates for Everyone

Let's Encrypt opens its public beta and offers automated, free TLS certificates. HTTPS is becoming the standard —...

mTLS in Practice

Mutual TLS authentication, certificates, and deployment.