Forum Discussion
SSL handshake errors
Yes, this header indicates that you're using HSTS. Basically, that header tells the browser a few things:
-
For all subsequent requests to this URL, always connect via HTTPS (regardless of the URLs presented to the browser)
-
If for any reason the server's certificate cannot be validated, fail completely. In other words you don't get the option to bypass/ignore the error. It just fails.
It's very likely working in cURL because cURL doesn't understand HSTS. The max-age directive is in seconds, and that's how long the browser caches this information. Thankfully you didn't specify the usual 1 week, because it's very difficult to clear that cache. So at the very least you need to uncheck this value in the HTTP profile and wait 500 seconds to allow the browser to forget the setting. You may notice afterwards that the browser will prompt you to ignore the untrusted cert.
Recent Discussions
Related Content
* Getting Started on DevCentral
* Community Guidelines
* Community Terms of Use / EULA
* Community Ranking Explained
* Community Resources
* Contact the DevCentral Team
* Update MFA on account.f5.com