HSTS blocks access to the PMC's web interface
HTTP Strict Transport Security (HSTS) is a web security policy mechanism that helps to protect websites against man-in-the-middle attacks such as protocol downgrade attacks and cookie hijacking.
Problem
Google Chrome and Microsoft Edge browsers block access to the PMC's web interface with a HSTS error similar to this:
Diagnosis
This error message is a bit misleading. The PMC's web service itself does not require HSTS but is using a self-signed certificate (that can be replaced).
Chrome and Edge are applying HSTS rules to the PMC's server through the browser’s own configuration. The combination of the browser's settings with the PMC's self-signed certificate is causing the blockage.
Solution
To clear up this error:
Navigate to the appropriate page:
Browser Page
Google Chrome chrome://net-internals/#hsts Microsoft Edge edge://net-internals/#hsts - Scroll to the bottom of the page to the Delete domain security policies section.
- Enter the domain name of the PMC in the Domain field, and then click Delete.
Note: You do not need to enter https:// before the domain name; nor do you need to enter the port number or any text that follows the port number. - Refresh the PMC’s page in the browser. You will still get an alert but now the browser should let you bypass the alert.