Frequently Asked Questions

On this page we will try to answer questions that are often asked. If your question is not answered here, please contact us at sigma-support(at)silverday.de.

Certificates

If your grade is below B, or maybe even T, and SIGMA shows a problem icon, you should check the details of your server certificates. Look for one of these problems:

  • Is the domain of the portal included in either the Common Names or the Alternative Names?
  • Is your certificate still valid?
  • Is the certificate chain complete (e.g. are the certificates of the issuing certificate authority installed)?
If you cannot find the problem with the details SIGMA shows you, check the results at SSL Labs directly, as they have a lot more details in their report.
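
The three checks listed above can also be run from a script. This is an added example, not part of SIGMA or SSL Labs; the function names and the constructed sample certificate (`SAMPLE_CERT`, with example.org names) are assumptions for illustration.

```python
import socket
import ssl
import time

SAMPLE_CERT = {  # constructed sample in the format ssl.SSLSocket.getpeercert() returns
    "subject": ((("commonName", "portal.example.org"),),),
    "subjectAltName": (("DNS", "portal.example.org"), ("DNS", "*.apps.example.org")),
    "notBefore": "Jan 10 00:00:00 2024 GMT",
    "notAfter": "Apr 10 00:00:00 2024 GMT",
}

def names_in_cert(cert):
    """DNS names from the Alternative Names, falling back to the Common Name."""
    sans = [v for k, v in cert.get("subjectAltName", ()) if k == "DNS"]
    if sans:
        return sans
    return [v for rdn in cert.get("subject", ()) for k, v in rdn if k == "commonName"]

def name_matches(pattern, host):
    """Exact match, or a wildcard that covers exactly the leftmost label."""
    pattern, host = pattern.lower(), host.lower()
    if pattern.startswith("*."):
        return "." in host and host.split(".", 1)[1] == pattern[2:]
    return pattern == host

def diagnose(cert, host, now=None):
    """Check 1 (domain in the names) and check 2 (still valid) on a parsed certificate."""
    now = time.time() if now is None else now
    problems = []
    if not any(name_matches(n, host) for n in names_in_cert(cert)):
        problems.append("name mismatch")
    if now < ssl.cert_time_to_seconds(cert["notBefore"]):
        problems.append("not yet valid")
    if now > ssl.cert_time_to_seconds(cert["notAfter"]):
        problems.append("expired")
    return problems

def check_live(host, port=443):
    """Check 3: a fully verified handshake fails if the chain is incomplete or untrusted."""
    ctx = ssl.create_default_context()
    try:
        with socket.create_connection((host, port), timeout=10) as sock:
            with ctx.wrap_socket(sock, server_hostname=host) as tls:
                return diagnose(tls.getpeercert(), host)
    except ssl.SSLCertVerificationError as exc:
        # e.g. "unable to get local issuer certificate" when an intermediate is missing
        return [exc.verify_message]
```

Call `check_live()` with your portal's host name to test a real server; `diagnose()` works on any certificate already parsed into the `getpeercert()` format.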

Keywords: certificate, problem, grade

Well, the most common reasons are that either your certificate is expired (too old) or the issuing Certificate Authority certificates are not valid, because they are outdated or the Certificate Authority as such is not trusted (company-internal CA, self-signed certificate, ...).

Keywords: grade, grade t, certificate, trust

General

SIGMA avoids using cookies as far as possible and uses only a session cookie to manage its functionality. When this cookie times out (or is timed out by a security-conscious browser) you are logged out. Simple as that. Keeping you logged in may be comfortable, but it is also a security risk. And since SIGMA also serves as a prototype for my user management, I try to keep it as secure as possible.

Keywords: session, cookie, inactivity, logout, log out

Not really. Reports are only updated every three days. Availability monitoring would require a check every few minutes. The use case of SIGMA is the monitoring of the security configuration of a site.

Keywords: monitoring, availability

SIGMA is meant to complement SSLLabs and not replace it. SSLLabs requires you to do the scanning and archiving of results manually, which is okay if you only have one or two sites. SIGMA automates this for you by submitting your site for testing and archiving the results. SIGMA also does a quick evaluation for the most common problems. For a detailed analysis, checking the results at SSLLabs is always recommended.

Keywords: ssllabs, sigma

SIGMA (or rather SSLLabs) will only scan web servers. SFTP servers are usually using a different port (and protocol).

Keywords: server, ftp, sftp, protocol, port

Security

A more complex password does not automatically make it more secure. Users tend to add a running number to their standard password or use a birthday or something else. At the moment the recommendation is to not require a complex password, but to add a second factor. You can enable two factor authentication in your user menu.

Keywords: password, authentication, 2fa, two factor authentication

Just leave it empty! As indicated, the token is optional. It is only required if you have activated two factor authentication. I would strongly advise though to activate two factor authentication!

Keywords: login, token, two factor authentication, 2fa

Either you entered your credentials incorrectly three times or somebody else tried to guess your user ID and/or password. Once three failed logins are detected, the system will lock your account and send you an email explaining how to unlock it again. As an additional security measure I strongly advise activating two factor authentication for your account.

If you continue to have problems logging in please contact SIGMA-Support(at)silverday.de.

Keywords: account locked, failed login, login

Click on your username in the upper right corner and then on "Manage 2-Factor Auth.". Follow the instructions on the page to activate two factor authentication.

Keywords: 2fa, two factor authentication

Sites

In the background SIGMA maintains a central table with all the sites ever registered. When you add a site to your list that is already in that table, you are shown the results immediately and you also have access to the historical data.

When you enter a site that does not exist at SIGMA yet, it is added to the central table and a scan is scheduled. The internal queue manager then picks up the site, submits it to SSL Labs for scanning, and picks up the results when the scanning is done. This process can take up to 30 minutes depending on the number of endpoints at your site and the current number of active scans.

Keywords: sites, status, scan, results

Well, we never claimed to be a complete replacement for SSL Labs. The goal of SIGMA is to make it easier to keep an overview of a lot of sites, and for this the available information should be enough. At the same time we are continually tweaking the available functionality, and if you convince us to add certain information (and we have the time for it) we will add it.

Keywords: sites, status, scan, results

You can't, sorry. At the moment each site is automatically queued for a rescan every three days. While best practices do change, they usually do not change that quickly. If we become aware of a current threat, any admin can queue one or all sites for a rescan manually.

Keywords: sites, status, scan, rescan, queue

If for some reason the certificate of your site is not trusted, your site is assigned the grade 'T'. In these cases the second grade indicates what the grade would be if your certificate were valid.

Keywords: sites, status, scan, results, grades

Even though we are archiving the raw data we receive from SSL Labs, we are usually not updating the parsed database entries. At the moment we do not have the resources to assign a separate server process to update the entries. Every portal is rescanned every three days, at which point the details are updated. If you need the results urgently, please send us the name of the portal via the contact form and we will manually queue the portal.

Keywords: sites, status, scan, results, grades

Simply click the button 'Show all Sites' (upper right corner, yellow button when you are in the List view) to see the rest of your sites again.

Keywords: lists, site overview, show all sites

Hosts can be blacklisted for various reasons:

  • Blacklist request by owner: On SSL Labs as well as here on SIGMA, domain owners can request that their domain not be scanned. When we receive such a request or a scan returns that the host is blacklisted, we comply.
  • Technical reasons: If a host is consistently unreachable we will blacklist it to conserve resources.
We of course reserve the right to blacklist any host if we think it is necessary for whatever reason.

Keywords: sites, blacklist

The grading of SSLLabs takes a lot more details into consideration than SIGMA can show. SIGMA shows only the most relevant information and is not meant to replace SSLLabs. If you cannot see the reason for a lower grade, I would always advise checking the detailed results on the SSLLabs site. A direct link is available in the site options menu.

Keywords: grade, problem, inconclusive

Vulnerabilities

The first thing you should do is to check in the detail view what vulnerability was found. I would also advise checking the results directly on SSL Labs to see if there is more. Next, you should urgently check your server. Are all updates installed? All patches applied? Is the software so far outdated that it no longer receives updates? Go through the SSL configuration of your server to check for outdated ciphers, protocols, etc.

If you are unable to find anything, there is always the possibility that it is a false alarm due to a bug in SIGMA or the SSL Labs scanner, in which case you should notify us.

Keywords: vulnerability, next steps