To gain an A+ rating over at SSL labs requires your website’s SSL to be configured with the follow principles:

  • A large key size: 4096bits
  • HTTP Strict Transport Security
  • A VirtualHost configuration for the website that meets minimum requirements (see bottom).

You don’t need a trusted certificate to get an A+. The SSLlabs tool will grade you as T due to trust hierarchy issues, but underneath it does say “If trust issues are ignored: A+”, as you can see below.

SSLlabs
The Apache directives below must be included in your VirtualHost’s configuration. Credit for this template goes to the Arch Linux AUR GitLab maintainer. Please not that SSLCipherSuite’s long configuration string must all be on the same line.
<br></br>
SSLEngine on<br></br>
SSLProtocol all -SSLv2<br></br>
SSLHonorCipherOrder on<br></br>
SSLCipherSuite "ECDH+AESGCM:DH+AESGCM:ECDH+AES256:DH+AES256:<br></br>
ECDH+AES128:DH+AES:ECDH+3DES:DH+3DES:RSA+AESGCM:RSA+AES:RSA+3DES:!aNULL:!MD5:!DSS"<br></br>
Header add Strict-Transport-Security: "max-age=15768000;includeSubdomains"<br></br>
SSLCompression Off<br></br>
SSLCertificateFile /path/to/yourwebsite.crt<br></br>
SSLCertificateKeyFile /path/to/yourwebsite.key<br></br>
ServerName your.servername.com<br></br>
ServerSignature Off