This discussion has been locked.

You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Https Strict Transport Security (HSTS) sites break transparent browser authentication

Hi,

We are evaluating transparent browser authentication with https filter only scanning.

The problem is if user opens a HSTS enabled site, chrome and firefox throws certificate errors and refuse to continue or add a security exeption. So user does not see UTM login page.

If the user opens a http or non HSTS https site first, he can login then the HSTS sites without any certificate errors.

Btw Under Web Protection->Misc->Certificate for End-User Pages ->Use a custom certificate for HTTPS pages is selected. Under there hosname is setted to artvin.edu.tr and use uploaded our wildcard valid certificate. Also in our dns server we have passthrough.artvin.edu.tr. IN A 213.144.15.19
So our users dont get certificate errors on passthrough.artvin.edu.tr pages.

This thread was automatically locked due to age.

Parents

0 InformaticaOostkamp over 9 years ago

Sorry for digging up this old topic, but we're having the same issue. Did you ever manage to do something about this?
Cancel
Vote Up 0 Vote Down

Cancel

Reply

0 InformaticaOostkamp over 9 years ago

Sorry for digging up this old topic, but we're having the same issue. Did you ever manage to do something about this?
Cancel
Vote Up 0 Vote Down

Cancel

Children

No Data