HTTPS TLS Configuration Template

This template helps you implement secure HTTPS/TLS configurations with proper certificate management, security headers, and best practices for web application security.

Sample Prompt

Configure HTTPS/TLS for a production web application:
- SSL certificate procurement and installation
- TLS 1.3 configuration with secure cipher suites
- Security headers: HSTS, CSP, X-Frame-Options
- Certificate auto-renewal with Let's Encrypt
- Load balancer and CDN SSL termination
- Security monitoring and vulnerability scanning

What This Template Covers

• Certificate management including procurement, installation, and renewal processes
• TLS configuration with secure protocols, cipher suites, and security settings
• Security headers implementation for additional protection layers
• Performance optimization balancing security with connection speed
• Monitoring and maintenance for certificate expiration and security updates
• Compliance considerations for industry standards and regulatory requirements

Best Practices

1. Use TLS 1.3 or at minimum TLS 1.2 with secure cipher suites
2. Implement HSTS to enforce HTTPS connections and prevent downgrade attacks
3. Set up automatic certificate renewal to prevent expiration-related outages
4. Use strong security headers including CSP, X-Frame-Options, and others
5. Monitor certificate expiration with alerting and automated renewal
6. Regularly update TLS configurations to address new vulnerabilities
7. Test SSL/TLS setup with tools like SSL Labs for security validation
8. Document configuration for team knowledge and incident response

When to Use This Template

• Securing web applications with HTTPS/TLS encryption
• Meeting security compliance requirements
• Implementing certificate management for production systems
• Optimizing SSL/TLS performance for high-traffic applications
• Setting up secure communication for API endpoints

The Script

peep https-tls-configuration