Delete a HSTS Key Pin in Chrome

Delete a HSTS Key Pin in Chrome

Key pinning can be tricky and sometimes you might encounter a website having an incorrect key pin. This is usually caused by renewing certificates. In that case the duration time of the key pin might overlap the expire time of the moment of renewal.

Chrome Error

You will be seeing an error something like:

Your connection is not private

 

Attackers might be trying to steal your information from domain.com (for example, passwords, messages, or credit cards). NET::ERR_SSL_PINNED_KEY_NOT_IN_CERT_CHAIN

What Does It Mean?

HSTS stands for HTTPS Strict Transport Security. It forces websites to always use HTTPS. This is done by instructions of the related web server. An additional layer is using HPKP, HTTP Public Key Pinning. This allows web masters to define what public keys related to the SSL certificate are good. The client then stores these for a specified amount of time.

Sometimes things go wrong with this key pinning, resulting in a website to be unreachable. In that case, you can delete the related key pin manually. This does not apply if the key pins of the domain are preloaded into the browser (e.g. of Facebook). In that case a browser update is needed.

Deleting a HSTS key pin

Fortunately solving this error is simple, by removing the domain from the HSTS database. T

  • Go to the URL chrome://net-internals/#hsts
  • Now delete the related domain

Screenshot of deleting a key pin in Chrome browser

After deleting the domain, the related key pins will be removed as well. You should be able to visit the related website again.

One more thing...

Keep learning

So you are interested in Linux security? Join the Linux Security Expert training program, a practical and lab-based training ground. For those who want to become (or stay) a Linux security expert.

See training package




Lynis Enterprise screenshot to help with system hardeningSecurity scanning with Lynis and Lynis Enterprise

Run automated security scans and increase your defenses. Lynis is an open source security tool to perform in-depth audits. It helps with system hardening, vulnerability discovery, and compliance.


Download

3 comments

  • SergeySergey

    Helped like a charm! Thanks for the post!

    Reply
  • Yuri Cauna RoblesYuri Cauna Robles

    Muchas gracias!!!! me sirvio mucho, ya estaba rindiendome en encontrar una solución. Me sirvió.

    Había renovado los certificados ssl y me votaba un error.

    Reply

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.