Enabling HTTP Strict Transport Security

HTTP Strict Transport Security (HSTS) is a simple and widely supported standard to ensure that browsers always connect to a website over HTTPS. Using it, you can remove the need for the insecure practice of redirecting users from http:// to https:// URLs.

Connecting to the Logger Web UI requires an HTTPS URL:

However, you may accidentally try to connect to Logger over HTTP instead of HTTPS, leaving you vulnerable to a man-in-the-middle attack. You can leverage Logger's support for HSTS to ensure that your browser always connects to Logger over HTTPS.

To enable HSTS:

  1. On Logger, generate a Certificate Signing Request (CSR). See Generating a Certificate Signing Request (CSR) for the steps to generate the CSR.

  2. Have the CSR signed by a Certificate Authority (CA), such as Verisign, which will return the CA-signed certificate to you.
  3. Import the CA-signed certificate into Logger. See Importing a Certificate for the steps to import the certificate.
  4. Import the CA-signed certificate into your browser's trust store. Refer to your browser’s help for instructions on importing a trusted certificate.

    For example, in Firefox 47.x, you would select Options from the menu, click Advanced, click the Certificates tab, click View Certificate, click the Authorities tab, and click the Import button.

  5. Close and restart the browser. You should now be able to connect to Logger using the following HTTP addresses:

Note: Be sure to use the Logger FQDN and not an IP address or hostname in the URL.
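The steps above (a CA-signed certificate, a browser that trusts it, and an FQDN in the URL) line up with the conditions RFC 6797 sets for a browser to store an HSTS policy. The following is an added example, not Logger code, that models those conditions. The host names and header values are constructed, and `cert_trusted` is an assumed flag standing for the result of the browser's certificate validation.

```python
import ipaddress
import re
from urllib.parse import urlsplit

def parse_hsts(value):
    """Parse a Strict-Transport-Security value (RFC 6797, section 6.1).
    Returns (max_age, include_subdomains), or None if the header is invalid."""
    seen = {}
    for part in value.split(";"):
        part = part.strip()
        if not part:
            continue
        name, _, arg = part.partition("=")
        name = name.strip().lower()
        if name in seen:                 # a repeated directive invalidates the header
            return None
        seen[name] = arg.strip().strip('"')
    if not re.fullmatch(r"\d+", seen.get("max-age", "")):
        return None                      # max-age is required and must be an integer
    return int(seen["max-age"]), "includesubdomains" in seen

def is_ip_literal(host):
    try:
        ipaddress.ip_address(host)
        return True
    except ValueError:
        return False

def browser_would_pin(url, headers, cert_trusted):
    """Return (pinned, reason) for one response (RFC 6797, section 8.1)."""
    parts = urlsplit(url)
    host = parts.hostname or ""
    if parts.scheme != "https":
        return False, "header ignored on plain HTTP"
    if is_ip_literal(host):
        return False, "HSTS does not apply to IP-literal hosts"
    if not cert_trusted:                 # assumed flag: outcome of TLS validation
        return False, "TLS error: untrusted or mismatched certificate"
    value = next((v for k, v in headers.items()
                  if k.lower() == "strict-transport-security"), None)
    policy = parse_hsts(value) if value is not None else None
    if policy is None:
        return False, "missing or invalid header"
    if policy[0] == 0:
        return False, "max-age=0 clears any stored policy"
    return True, f"policy stored for {host} for {policy[0]} seconds"
```
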