Bulletproof TLS Guide
Version 2025.1 (build 143), published in May 2025.
All rights reserved. No part of this publication may be reproduced, stored in a retrieval system, or transmitted, in any form or by any means, without the prior permission in writing of the publisher.
The author and publisher have taken care in preparation of this book, but make no expressed or implied warranty of any kind and assume no responsibility for errors or omissions. No liability is assumed for incidental or consequential damages in connection with or arising out of the use of the information or programs contained herein.
Feisty Duck Limited
www.feistyduck.com
contact@feistyduck.com
Production editor: Jelena Girić-Ristić
Copyeditor: Melinda Rankin
Copyright ©
2025
Feisty Duck Limited. All rights reserved.
Table of Contents
- Preface
- Chapter 1. Configuration Guide
- 1.1 Private Keys and Certificates
- 1.1.1 Use Strong Private Keys
- 1.1.2 Secure Your Private Keys
- 1.1.3 Choose the Right Certification Authority
- 1.1.4 Prevent Certificate Warnings
- 1.1.5 Restrict Key and Certificate Sharing
- 1.1.6 Think Chains, Not Certificates
- 1.1.7 Deploy Certification Authority Authorization
- 1.1.8 Automate Certificate Renewal
- 1.1.9 Consider Short-Lived Certificates
- 1.1.10 Use Certificate Transparency Monitoring
- 1.2 Configuration
- 1.3 HTTP and Application Security
- 1.4 Performance
- 1.5 Validate and Monitor
- 1.1 Private Keys and Certificates