SSL/TLS seems simple, you go to a CA to prove who you are they give you a credential, you install it on your server, turn on SSL and then you are done.
Unfortunately there is more to it than that, I recently had an opportunity to contribute to a Best Practices Guide (PDF) that aims to provide clear and concise intructions to help administrators understand how to people deploy it securely.
The intention is to work on an advanced version of this document in the future that covers more details and advanced topics as well (think OCSP Stapling, SPDY, etc).
I hope you find it useful.
The v1.0 PDF dates from 2012, which doesn’t seem so long ago, but, at a glance, the “Bulletproof SSL and TLS” book (ch. 8) has completely rewritten and updated the info in this PDF.
I think it would be helpful to people who find this page to have a little note pointing them to https://www.feistyduck.com/books/bulletproof-ssl-and-tls/ and perhaps to v1.3 of this PDF, at https://www.ssllabs.com/downloads/SSL_TLS_Deployment_Best_Practices_1.3.pdf
Thanks again for the great resources. Just starting on the book.
Larry