Admin Realm will not load with error stating HSTS is enabled

    Applies to:
  • SecureAuth Identity Platform
  • Legacy SecureAuth IdP
Deployment model:
  • Cloud
  • Hybrid
  • On Premises
Version Affected: All

    Description:  

    When browsing to the Admin Console of the SecureAuth IdP server, the admin is presented with an error stating HSTS has caused the page not to load.

     

    Cause:  

    Newer browsers, such as Edge Chromium, Chrome, and Firefox, enforce stricter security measures. When browsing locally to a secure site whose certificate does not have a Subject Alternative Name (SAN) for the URL being browsed to, this error occurs.

     

    Resolution:  

    As shown in this image, the IIS server is using a self-signed certificate that does not have access to the root certificate authority:

      mceclip0.png

    To resolve this issue, bind a valid certificate to IIS on another IP address. The easiest way to do this is to create a new binding for ::1 (IPv6 loopback) and assign it the SecureAuth machine certificate. Add the new binding as follows:

    1. Launch Internet Information Services (IIS) Manager

    2. Expand the Server

    3. Expand Sites

    4. Click on 'Default Web Site'

    5. On the right side, in the Actions Pane, click on Bindings


    6. Click the 'Add...' button


    7. Set the 'Type:' to 'https'

    8. Set the 'IP address:' to '::1'

    9. Set the 'SSL certificate' to the SecureAuth Appliance certificate

    10. Click 'OK'


    11. Once completed, you will see the new binding in the list and can now open the admin pages without issues
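    A scripted equivalent of steps 1 to 11, given here as an added example that is not SecureAuth's own code. It first checks the certificate for the conditions named under Cause (missing SAN, self-signed, untrusted chain). Port 443 and the thumbprint placeholder are assumptions; run it in an elevated PowerShell session on the IIS server.

```powershell
#Requires -RunAsAdministrator
# Added example: adds the https binding on ::1 and assigns the certificate to it.
Import-Module WebAdministration

$SiteName   = 'Default Web Site'                        # site named in the article
$IpPort     = '[::1]:443'                               # IPv6 loopback; port 443 is an assumption
$Thumbprint = '<APPLIANCE-CERT-THUMBPRINT>'             # placeholder: take it from Cert:\LocalMachine\My
$IisAppId   = '{4dc3e181-e14b-4a21-b022-59fc669b0914}'  # application ID IIS uses for its HTTP.sys SSL bindings

# 1. The certificate must exist in the machine store, hold a private key and be in date.
$cert = Get-Item -Path "Cert:\LocalMachine\My\$Thumbprint" -ErrorAction Stop
if (-not $cert.HasPrivateKey)      { throw "Certificate $Thumbprint has no private key." }
if ($cert.NotAfter -lt (Get-Date)) { throw "Certificate expired on $($cert.NotAfter)." }

# 2. Report the conditions that lead browsers to reject the page.
$san = $cert.Extensions | Where-Object { $_.Oid.Value -eq '2.5.29.17' }   # SAN extension OID
if ($san) { $san.Format($true) }
else      { Write-Warning 'Certificate has no Subject Alternative Name extension.' }
if ($cert.Subject -eq $cert.Issuer) { Write-Warning 'Certificate is self-signed.' }
if (-not $cert.Verify())            { Write-Warning 'Certificate chain does not validate on this machine.' }

# 3. Add the https binding on ::1 unless it is already present (steps 6 to 8).
$bindingInfo = "$($IpPort):"                            # IIS format: "[address]:port:hostheader"
$existing = Get-WebBinding -Name $SiteName -Protocol https |
    Where-Object { $_.bindingInformation -eq $bindingInfo }
if (-not $existing) {
    New-ItemProperty -Path "IIS:\Sites\$SiteName" -Name bindings `
        -Value @{ protocol = 'https'; bindingInformation = $bindingInfo }
}

# 4. Assign the certificate to that endpoint in HTTP.sys (step 9).
& netsh http add sslcert "ipport=$IpPort" "certhash=$Thumbprint" "appid=$IisAppId" 'certstorename=MY'
if ($LASTEXITCODE -ne 0) { throw "netsh could not add the SSL binding (exit code $LASTEXITCODE)." }

# 5. Show the result (step 11).
& netsh http show sslcert "ipport=$IpPort"
Get-WebBinding -Name $SiteName -Protocol https | Select-Object protocol, bindingInformation
```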


     

    Special Considerations (optional as needed):  
    When adding the new binding, you should be able to click the drop-down and select ::1 as the IP address, but in certain instances it may not show up and will have to be typed in manually.

    A quick alternative solution is available here

     

     

    SecureAuth Knowledge Base Articles provide information based on specific use cases and may not apply to all appliances or configurations. Be advised that these instructions could cause harm to the environment if not followed correctly or if they do not apply to the current use case.

    Customers are responsible for their own due diligence prior to utilizing this information and agree that SecureAuth is not liable for any issues caused by misconfiguration directly or indirectly related to SecureAuth products.
