Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
4620
Views
10
Helpful
4
Replies

Disable HSTS on ISE?

Go to solution
tuenoerg
Cisco Employee
Cisco Employee

‎12-15-2017 07:06 AM

hi all

One of my customers is facing problems on the sponsor portal when using Chrome browser.

Chrome stops and "complains" about HSTS.

Can we disable HSTS on ISE?

or - is this there another workaround?

ISE 2.3 patch 1 is used.

Br

Tue

2 people had this problem
1 Accepted Solution

Accepted Solutions

Go to solution
hslai
Cisco Employee
Cisco Employee

‎12-15-2017 07:54 AM

No, this is not configurable in ISE.

Assuming Chrome stops due to the web portal is presenting the ISE server certificates for admin, the only workaround is to include the portal FQDNs in those certificates' SAN fields.

View solution in original post

0 Helpful
4 Replies 4

Go to solution
hslai
Cisco Employee
Cisco Employee

‎12-15-2017 07:54 AM

No, this is not configurable in ISE.

Assuming Chrome stops due to the web portal is presenting the ISE server certificates for admin, the only workaround is to include the portal FQDNs in those certificates' SAN fields.

0 Helpful

Go to solution
Tymofii Dmytrenko
Level 1
Level 1
In response to hslai

‎07-24-2018 05:06 AM

I have deployed sponsors portal using the same certificate that we use for Admin because it has wildcard SAN entry, but we use FQDN which does not explicitly exist in certificate (so we rely on wildcard). Due to HSTS both Chrome and Firefox report there's a problem with the certificate. In fact, the page loads fine on first attempt, but all consecutive attempts fail and certificate is blamed. What is the fix for this please?

0 Helpful

Go to solution
Bryan Byers
Cisco Employee
Cisco Employee
In response to Tymofii Dmytrenko

‎07-24-2018 05:21 AM

Please check out this link for an answer... Hope this helps...



https://cisco-marketing.hosted.jivesoftware.com/thread/88180


0 Helpful

Go to solution
Tymofii Dmytrenko
Level 1
Level 1
In response to Bryan Byers

‎07-24-2018 05:52 AM

@Bryan Byers The link you provided points to this very same conversation :)

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents