Local testing tools: – SSLyze – SSLscan – SSLtap (provided by package nss) – tlssled Generate self signed certificate with 4096 key valid for 1095 days: # openssl req -new -x509 -nodes -newkey rsa:4096 -keyout server.key -out server.crt -days 1095 Generate diffie-hellman parameters with (at least) 2048-bit: (1/5) # openssl dhparam -out dhparams.pem 2048 Generate key certificate with (at least) 2048-bit: (2/5) # openssl genrsa -aes256 -out server.key.pem 2048 Generate certificate signature (3/5)