Understanding X509 Certificates used in Web/TLS

The certificate: A certificate is tied to a key pair. The public key, which the certificate carries along with a set of identifying information, can be used to encrypt a message that only the associated private key, known solely to the recipient, can decrypt.
 
The Security Rating® is based on 3 main control points: 

 

1. The Name Matches:

The Name Matches check detects a common name mismatch, i.e. the common name of your certificate does not match the domain name being visited. The mismatch is usually caused by incorrect server settings or by incorrect information being supplied when purchasing the SSL certificate.

2. The Not After Date:

The Not After date is the point from which your certificate is no longer valid. A valid certificate is what guarantees the user that the server they are communicating with is who it claims to be; an invalid (expired) certificate makes active interception much easier for an attacker.

3. The Not Self Signed:

The Not Self Signed feature enables the Security Rating to find out which certificates are self-signed and which require validation and verification by a recognised certification authority. A self-signed certificate poses problems of trust, as users' browsers are unlikely to be able to validate the certificate. The certificate is used to guarantee the user that the server they are communicating with is who they claim to be.  

 

Installation advice:

When installing a certificate on an HTTPS server, it is necessary to install the complete certification chain on this server, enabling it to be traced back to the ‘root’ certificate known to all browsers or programs using TLS/SSL. 
Avoid configuring a ‘default’ vhost: without one, errors are not masked and incorrect configurations are highlighted.
Avoid exposing the same website under several different names when this is not necessary: it systematically generates configuration disparities.