This site is using cookies to manage navigation and other tasks! We are not using any cookies for analytics or marketing purposes. All cookies are deleted when the session times out or you close your browser. You can find more information about this in our Privacy Information!
On this page we will try to answer questions that are often asked. If your question is not answered here, please contact us at sigma-support(at)silverday.de.
The API is what I call a special feature and needs to be enabled for you by an admin. You can request the activation of the feature via the contact form. Activation of special features is usually done for users who support the site in some form. You could buy me coffee or ten .....
Keywords: api, special feature
If either you grade is below B, or maybe even T, and SIGMA shows a problem icon, you should check the details of your server certificates. Look for one of these problems:
Keywords: certificate, problem, grade
Well, most common reasons are either your certificate is expired (too old) or the issuing Certificate Authority certificates are not valid, because they are outdated or the Certificate Authority as such is not trusted (company internal CA, self signed certificate, ....)
Keywords: grade, grade t, certificate, trust
SIGMA is showing the grading as assigned by SSLLabs. Please see the official documentation by SSLLabs: https://github.com/ssllabs/research/wiki/SSL-Server-Rating-Guide
Keywords: certificates, grades
SIGMA avoids using cookies as far as possible and uses only a session cookie to manage its functionality. When this cookie times out (or is timed out by a security concious browser) you are logged out. Simple as that. Keeping you logged in may be comfortable, but it is also a security risk. And since SIGMA also serves as a prototype for my user management I try to keep as secure as possible.
Keywords: session, cookie, inactivity, logout, log out
Not really. Reports are only updated every three days. An availability monitoring would require a check every few minutes. The usecase of SIGMA is the monitoring of the security configuration of a site.
Keywords: monitoring, availability
SIGMA is meant to complement SSLLabs and not replace it. SSLLabs requires you to do the scanning and archiving of results manually which is okay if you only have one or two sites. SIGMA automates this for you by submitting your site for testing and archiving the results. SIGMA also does a quick evaluation for the most common problems. For a detailed analysis checking the results at SSLLabs is always recommended.
Keywords: ssllabs, sigma
SIGMA (or rather SSLLabs) will only scan web servers. SFTP servers are usually using a different port (and protocol).
Keywords: server, ftp, sftp, protocol, port
Well, I would to have some goodies I can give to people who support the site. Eventhough I am providing most features for free and this is a hobby, the maintenance of the server and the site costs money and time. If you find this (and my other sites) useful, I will not refuse a coffee, or other support you may want to give.
Keywords: special features, groups, api, support, coffee
Some of the processes at SIGMA (scanning, messaging, housekeeping, ...) are run via queues to make scaling easier. These queues are checked in certain intervals for open entries. Some queues, like scanning are running every 5 minutes. The messaging queue is run every 15 minutes.
Keywords: queues, delay
Groups enable you to manage hostlists within a team. creating and managing groups requires the manager to have the special permission "Groups". This permission can be requested via the contact form. Once a group is created the owner can add members with different roles: - Reader can only view the group - Editor can add and remove hosts - Manager can add and remove members
Keywords: groups, members, shared list, special feature
You can only add sites, that are also on your personal site list. If you have no sites in your personal list, the option to add a site is not available. Also if a site is not in your personal list, it will not be shown in the dropdown to add a site.
Keywords: group, editor, manager, sitelist
A more complex password does not automatically make it more secure. Users tend to add a running number to their standard password or use a birthday or something else. At the moment the recommendation is to not require a complex password, but to add a second factor. You can enable two factor authentication in your user menu.
Keywords: password, authentication, 2fa, two factor authentication
Just leave it empty! As indicated, the token is optional. It is only required if you have activated two factor authentication. I would strongly advise though to activate two factor authentication!
Keywords: login, token, two factor authentication, 2fa
Either you entered your credentials wrong three times or somebody else tried to guess your userid and/or password. once three failed logins are detected the system will lock your account and send you an email explaining how to unlock it again. As an additional security measure I strongly advise to activate two factor authentication for your account.
If you continue to have problems logging in please contact SIGMA-Support(at)silverday.de.
Keywords: account locked, failed login, login
Click on your username in the upper right corner and then on "Manage 2-Factor Auth.". Follow the instructions on the page to activate two factor authentication
Keywords: 2fa, two factor authentication
In the background SIGMA maintains a central table with alle the sites ever registered. When you add a site to your list that is already in that table then you are shown the results immediately and you also have access to the historical data.
When you enter a site that does not exist at SIGMA yet, it is added to the central table and a scan is scheduled. The internal queue manager then picks up the site, submits it to SSL Labs for scanning, and picks up the results when the scanning is done. This process can take up to 30 minutes depending on the number of endpoints at your site and the current number of active scans. test
Keywords: sites, status, scan, results
Well, we never claimed to be a complete replacement for SLL Labs. The goal of SIGMA is to make it easier keeping an overview over a lot of sites and for this the available information should be enough. At the same time we are continually tweaking the available functionality and if you convince us to add a certain information (and we have the time for it) we will add it.
Keywords: sites, status, scan, results
You can queue your site for scanning in the dropdown at the end of the line. You can request a new requeue every 30 minutes.
Keywords: sites, status, scan, rescan, queue
If for some reason the certificate of your site is not trusted your site is assigned the grade 'T'. In these cases the second grade indicates what the grade would be if your certificate were valid.
Keywords: sites, status, scan, results, grades
Even though we are archiving the raw data we receive from SSL Labs, we are usually not updating the parsed database entries. At the moment we do not have the resources to assign a seperate server process to update the entries. Every portal is rescanned every three days at which point the details are updated. If you need the results urgently, please send us the name of the portal via the contact form and we will manually queue the portal.
Keywords: sites, status, scan, results, grades
Simply click the button 'Show all Sites' (upper right corner, yellow button when you are in the List view) to see the rest of your sites again.
Keywords: lists, site overview, show all sites
Hosts can be blacklisted for various reasons:
Keywords: sites, blacklist
The grading of SSLLabs takes a lot more details into consideration than SIGMA can show. SIGMA shows only the most relevant information and is not meant to replace SSLLabs. If you cannot see the reason for a lower grade I would always advise to check the detailed results on the SSLLabs site. A direct link is available in the site options menu.
Keywords: grade, problem, inconclusive
Your site was automatically suspended because it was not reachable for a scan or had another problem. Please fix the issue. Then you can click the "suspended"-icon and request the suspension to be lifted.
Keywords: site, suspended
The first thing you should do is to check in the detail view what vulnerability was found. I would also advise to check the results directly on SSL Labs to see if there is more. The next thing you should uregntly check your server. Are all updates installed? All patches applied? Is the software so far outdated it no longer receives updates? Go through the SSL-configuration of your server to check for outdated cyphers, protocols, etc.
If you are unable to find anything there is always the possibilitiy that it is a false alarm due to a bug on SIGMA or the SSL Labs Scanner, in which case you should notify us.
Keywords: vulnerability, next steps