Delete a HSTS Key Pin in Chrome

Delete a HSTS Key Pin in Chrome Key pinning can be tricky and sometimes you might encounter a website having an incorrect key pin. This is usually caused by renewing certificates. In that case the duration time of the key pin might overlap the expire time of the moment of renewal. Chrome Error You will be seeing an error something like: Your connection is not private   Attackers might be trying to steal your information from domain.com (for example, passwords, […]

Read more

Configure HSTS (HTTP Strict Transport Security) for Apache/Nginx

Configure HSTS (HTTP Strict Transport Security) for Apache/Nginx HTTP Strict Transport Security, or HSTS is a security capability to force web clients use HTTPS. The idea behind HSTS is that clients which always should communicate safely, to directly use HTTPS instead of HTTP. Benefits The clear benefit of “forcing” a client to use HTTPS directly, is decreasing the risk of sharing any sensitive information via a protocol which can be snooped upon. Additionally it improves the performance by eliminating one […]

Read more