> At this time, the only way to get a verified certificate that will be trusted across most Internet browsers is to pay for a certificate. I chose RapidSSL, but you can choose any respectable provider.<p>You've got StartSSL, which has been free for years.
You can get A+ with a 2048-bit key, and while keeping support for most of the Internet users[1]. You just won't get 4x100. But if you want to, in addition to steps from OP, drop tls1 and 1.1, leaving only 1.2.<p>[1] <a href="https://wiki.mozilla.org/Security/Server_Side_TLS#Intermediate_compatibility_.28default.29" rel="nofollow">https://wiki.mozilla.org/Security/Server_Side_TLS#Intermedia...</a>
There is also the Server Side TLS guide from Mozilla which I think is really nice. It explains which cipher suites you need to support different browsers as well as example configurations (and a config generator) for different setups, including Apache and Nginx.<p>The guide can be found here: <a href="https://wiki.mozilla.org/Security/Server_Side_TLS" rel="nofollow">https://wiki.mozilla.org/Security/Server_Side_TLS</a>
I had created a 100/100/100 and all config perfect test page a while back. It's here:
<a href="https://fancyssl.hboeck.de/" rel="nofollow">https://fancyssl.hboeck.de/</a><p>However you probably can't see it because almost no browser is capable :-) The description is here:
<a href="https://fancynossl.hboeck.de/" rel="nofollow">https://fancynossl.hboeck.de/</a><p>(some info probably outdated, but still gets the all-100%-rating)
Here is a guide[1] from SSL Labs on how they grade the strength of HTTPS.<p>[1]<a href="https://www.ssllabs.com/downloads/SSL_Server_Rating_Guide.pdf" rel="nofollow">https://www.ssllabs.com/downloads/SSL_Server_Rating_Guide.pd...</a>