HSTS error when accessing the Admin Console via Localhost

Follow
    Applies to:
  • SecureAuth Identity Platform
  • Legacy SecureAuth IdP
Deployment model:
  • Cloud
  • Hybrid
  • On Premises
  • Version Affected:  All

    Description:
    After changing the binding cert in IIS, Browsers throw a HSTS error when accessing the site. 

    Browser error:

    Your connection isn't private
    Attackers might be trying to steal your information from localhost (for example, passwords, messages, or credit cards).
    NET::ERR_CERT_COMMON_NAME_INVALID
    localhost uses encryption to protect your information. When Microsoft Edge tried to connect to localhost this time, the website sent back unusual and incorrect credentials. This may happen when an attacker is trying to pretend to be localhost, or a Wi-Fi sign-in screen has interrupted the connection. Your information is still secure because Microsoft Edge stopped the connection before any data was exchanged.
    You can't visit localhost right now because the website uses HSTS. Network errors and attacks are usually temporary, so this page will probably work later.

    Cause:  
    Lack of "Localhost" in the SAN of the certificate

    Resolution:  
    1. Open your browser and go to this address
    For Edge, go to edge://net-internals/#hsts
    For Chrome, go to chrome://net-internals/#hsts

    2. It'll open a page like this

    mceclip0.png

    3. In the last box, type localhostimage__21_.png

    4. click delete

     

    Special Considerations (optional as needed):  
    An alternative solution exists here 

     

    SecureAuth Knowledge Base Articles provide information based on specific use cases and may not apply to all appliances or configurations. Be advised that these instructions could cause harm to the environment if not followed correctly or if they do not apply to the current use case.

    Customers are responsible for their own due diligence prior to utilizing this information and agree that SecureAuth is not liable for any issues caused by misconfiguration directly or indirectly related to SecureAuth products.

    0 out of 0 found this helpful

    Comments

    0 comments

    Please sign in to leave a comment.