Skip to main content
Skip table of contents

HSTS blocks access to the PMC's web interface

HTTP Strict Transport Security (HSTS) is a web security policy mechanism that helps to protect websites against man-in-the-middle attacks such as protocol downgrade attacks and cookie hijacking.

Problem

Google Chrome and Microsoft Edge browsers block access to the PMC's web interface with a HSTS error similar to this:

hsts-example-error

Diagnosis

This error message is a bit misleading. The PMC's web service itself does not require HSTS but is using a self-signed certificate (that can be replaced). 

Chrome and Edge are applying HSTS rules to the PMC's server through the browser’s own configuration.  The combination of the browser's settings with the PMC's self-signed certificate is causing the blockage.

Solution

To clear up this error:

  1. Navigate to the appropriate page:

    Browser

    Page

     Google Chromechrome://net-internals/#hsts
    Microsoft Edgeedge://net-internals/#hsts
  2. Scroll to the bottom of the page to the Delete domain security policies section.
  3. Enter the domain name of the PMC in the Domain field, and then click Delete
    Note:  You do not need to enter https:// before the domain name; nor do you need to enter the port number or any text that follows the port number.
  4. Refresh the PMC’s page in the browser.   You will still get an alert but now the browser should let you bypass the alert.

JavaScript errors detected

Please note, these errors can depend on your browser setup.

If this problem persists, please contact our support.