• Dashboards and Reporting Resources - Start Here

    Welcome to Dashboards and Reporting   Welcome to our Dashboards and Reporting space.  Here we will begin to collaboratively and constructively collect relevant legacy ...
    last modified by DMFezzaReed
  • Apache 2.2 site (no OCSP stapling) gets OCSP alert

    I'm intrigued as to why shows the "OCSP ERROR: Request failed with OCSP status: 6" alert together with "OCSP stapling = No". Another site, on the same server, using the same cert issuer, along with the same SSLCACert...
    last modified by gaia
  • Weak StartCom CA SHA1 only for Path #1

    Hi,   I don't understand why I have two trusted paths and why the StartCom Certification Authority certificate of the Path #1 is weak (= SHA1) and what is the solution to solve this. Thanks in advance.   ...
    Gaspard d'Hautefeuille
    last modified by Gaspard d'Hautefeuille
  • Handshake simulation

    I have a question about the handshake simulation. I've sometimes seen that this lists a cipher that is somewhere at the bottom of the server's preferred order list despite there being a cipher "above" that the client ...
    Anand Bhat
    last modified by Anand Bhat
  • Qualys Cloud Platform 2.6 (CertView) API notification 1

    A new release of Qualys Cloud Platform 2.6 (CertView) includes an updated API which is targeted for release in June 2020. The specific day will differ depending on the platform. See platform release dates on the Qualy...
    Jeff Leggett
    last modified by Jeff Leggett
  • SSL Labs Known Issues & SSL Labs IP Source IP Addresses

    This page documents the known issues with the SSL Labs code running in production (i.e., www.ssllabs.com).   If your issue is listed as fixed in the latest development version, check it at: https://dev.ssllabs.c...
    Ivan Ristić
    last modified by Robert Dell'Immagine
  • Cloudfront and Session resumption (caching) - No (IDs assigned but not accepted)

    Can get my reports on Cloudfront sites to level A. I think to get to A+ I need a way to solve this issue: Session resumption (caching) No (IDs assigned but not accepted)   Any ideas on how to crack that one?
    Greg Pagendam-Turner
    last modified by Greg Pagendam-Turner
  • Regarding RFC 7627 on Transport Layer Security (TLS) Session Hash and Extended Master Secret Extension will become a mandatory TLS extension

    Does Qualys SSL Server test will make this "extended Master secret" TLS extension mandatory to get A+ grade?
    Sajeev S
    last modified by Sajeev S
  • Incorrect Certificate Date

    How can I get an incorrect certificate expiration date corrected?
    Jane Zychowicz
    last modified by Jane Zychowicz
  • SSL Pulse dashboard

    The SSL Pulse dashboard is a great way to track the progress of the top sites, but the ordering needs some improvement.   Please can you move "Protocol support" and "Best protocol support" to places 3 and 4...
    Tom Fox
    last modified by Tom Fox
  • Trouble with intermediate certificate "Chain Issues: Incomplete"

    I am struggling with getting my intermediate certificate set up.  Everything is fine in ordinary web browsers.  But SSLLABS and Facebook both seem to have trouble with the intermediate.   SSL Server Te...
    Amanda Chaudhary
    last modified by Amanda Chaudhary
  • API Gateway - Application API Docs (Swagger)

    Module Version API Gateway Documentation FIM 1 https://gateway.qg1.apps.qualys.com/apidocs/fim/v1   FIM 2 https://gateway.qg1.apps.qualys.com/apidocs/fim/v2 ITAM/AI 1 https://gateway.qg1.apps.qualys.com/apid...
    Laura Seletos
    last modified by Laura Seletos
  • Product Feature Requests

    What is a Feature Request? A Feature Request is any suggestion for an enhancement to Qualys software. Feature Requests are not a contractual obligation for Qualys to develop the suggestion or to develop the request as...
    last modified by DMFezzaReed
  • No TLS 1.2 should result in an F score

    Sites such as Team Knowhow  that don't support TLS 1.2 are completely inaccessible in latest Firefox and Chrome (without clicking on dire warnings and 'Advanced' buttons and such). Surely this should ra...
    Jon Ribbens
    last modified by Jon Ribbens
  • False Grade F via SSLLabs API

    Hi,   I run regularly scan of some selected sites using SSL Labs API. On the 5th of December, I've noticed that one of the sites has received the grade F by automated scan. When I ran the scan manually via SSL L...
    last modified by pessoft
  • Two certificates downloaded during test on subdomain

    A test on my subdomain portal.peakdistrict.gov.uk (SSL Server Test: portal.peakdistrict.gov.uk (Powered by Qualys SSL Labs)) shows my valid certificate as expected, and is properly configured. However, it also lists a...
    Ross Hume
    last modified by Ross Hume
  • TLS 1.0 enabled, TLS 1.1 disabled - "A" score

    I have a site that previously had an "A+" score but is now capped at "B" since TLS 1.0 / 1.1 are enabled.   I disabled TLS 1.1 since almost no clients use it, and now I get an "A" score - even though TLS 1....
    David Carlin
    last modified by David Carlin
  • F grade : Zombie POODLE, Golden DOODLE & 0-length with openssl 1.1.1

    I'm currently using stunnel with openssl 1.1.1 on a ubuntu 18.04.4, with only TLS 1.2 and I'm getting a F grade with ssllabs. I have both CMC and GCM cipher suites. Sometimes I get a A grade, sometimes a F. When I g...
    Maxime Roullier
    last modified by Maxime Roullier
  • Signer Certificate use and management

    I have a certificate database which consists of "Signer Certificates"  "Personal Certificates"  "Certificate Requests"   I have several signer certificates which are expired. Can I delete these expire...
    Carson Austin
    last modified by Carson Austin
  • Does Server Test report ESNI status? Will it in the future?

    Are there any plans for the SSL Labs - Server Test to report on whether the server supports Encrypted Server Name Indication (ESNI)?   If the Server Test already reports on this, can someone direct me to wh...
    Greg Williams
    last modified by Greg Williams