Forum Discussion
Yann_Desmarest
Cirrus
CirrusHow to disable HSTS on the management interface ?
Hi,
I regularly have to clean my browser cache to be able to connect to the BIG-IP management webui due to the HSTS feature.
I saw that this header is served in response from BIG-IP mgmt we...
Yann_DesmarestCirrus
CirrusHi, Of course the server certificate is invalid.
You can find the same issue in english, if you have a look at the last sentence, chrome clearly block the connection due to hsts use. :)
Clearly, I'm just refused connection to ssl servers that use hsts when using fiddler for example. I think that I visited the first time my website, I got a response with an hsts header included. When I try again through a proxy or wifi captive portal, the response doesn't contain the hsts header. In this case, chrome block access to the website.
I got the same when browsing with my Android smartphone.
IanBEmployee
Actually the error you've posted is ERR_CERT_DATE_INVALID - it's saying the cert start date isn't valid. This can be caused by the clock on your device wrong, but it's often also the result of anti virus programs using this to deny access to the website. Although it says you can't access the site because it uses HSTS, it's just a badly worded way of saying that it requires SSL access, and SSL access is not available due to the SSL certiticate error. This is not saying that HSTS is causing the problem. It's saying that HSTS requires it to use SSL, and SSL is unavailable.- Yann_DesmarestHi, I have the same issue when renewing a device certificate for example. But that's ok, I clear the HSTS cache and everything goes fine