Summary
How HTTP Strict Transport Security (HSTS) and HTTP Public Key Pinning (HPKP) can affect Smoothwall and its client devices.
Problem
HSTS and HPKP have implications for Smoothwall and its client devices.
HSTS:
- Forces browsers to connect to sites securely
- Ensures that the browser only connects to that site securely in the future
- Ensures that certificate-related errors cannot be clicked through by the user
HPKP:
- Ensures a browser only connects to an HTTPS site using the specified certificate
- Ensures that certificate-related errors cannot be clicked through by the user
Solution
For client devices with Smoothwall's HTTPS certificate installed for Decrypt and inspect, neither of these standards should have any effect, though this may change in the future.
For client devices without Smoothwall's HTTPS certificate installed for Decrypt and inspect, users may see certificate errors that cannot be bypassed. This can occur if the Smoothwall tries to serve an HTTPS blockpage or if there is an issue with the site itself.
If these errors are occurring, either:
- Install Smoothwall's HTTPS certificate to enable proper decryption and inspection. See our help topic, Managing HTTPS inspection settings.
- Adjust the HTTPS policy appropriately. See our help topic, Managing HTTPS inspection policies.
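Added example (not Smoothwall code): a Python sketch of how a browser decides, from HSTS headers it has already seen, whether a certificate error for a host can be clicked through. This is the case a client without the Smoothwall certificate hits on an HTTPS blockpage. Host names and header values are constructed; expiry over time and the browser preload list are not modelled.

```python
# Added example with constructed data; parsing follows RFC 6797, section 6.1.
def parse_sts(value):
    """Parse a Strict-Transport-Security value.

    Returns {'max_age': int, 'include_subdomains': bool}, or None when the
    header is invalid and a browser would ignore it.
    """
    seen = {}
    for part in value.split(";"):
        name, _, arg = part.strip().partition("=")
        name = name.strip().lower()          # directive names are case-insensitive
        if not name:                         # empty segment, e.g. trailing ';'
            continue
        if name in seen:                     # a repeated directive invalidates the header
            return None
        seen[name] = arg.strip().strip('"')  # the value may be a quoted-string
    age = seen.get("max-age", "")            # max-age is the one required directive
    if not (age.isascii() and age.isdigit()):
        return None
    return {"max_age": int(age),
            "include_subdomains": "includesubdomains" in seen}

def covering_policy(host, store):
    """Return the stored HSTS host whose policy covers `host`, or None.

    `store` maps host name -> parsed policy and stands in for the browser's
    HSTS cache. max-age=0 means the site asked to be forgotten.
    """
    labels = host.lower().rstrip(".").split(".")
    for i in range(len(labels)):
        candidate = ".".join(labels[i:])
        policy = store.get(candidate)
        if policy is None or policy["max_age"] == 0:
            continue
        if i == 0 or policy["include_subdomains"]:  # parents count only with includeSubDomains
            return candidate
    return None

def cert_error_bypassable(host, store):
    """False when HSTS covers the host: the browser offers no click-through."""
    return covering_policy(host, store) is None

# Constructed headers, as cached by a client from earlier direct visits.
SEEN = {"example.com": "max-age=31536000; includeSubDomains",
        "example.org": 'Max-Age="600"',
        "example.net": "max-age=0"}
STORE = {h: p for h, v in SEEN.items() if (p := parse_sts(v)) is not None}
```

For a host where `cert_error_bypassable` returns False, a blockpage served with an untrusted certificate produces an error the user cannot dismiss, so one of the two remedies above is needed.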