SSL - HSTS Preloading & Public Key Spinning
Hi,
I just got to know about HSTS Preloading. I've already done what the Preloading Rules require and submitted through https://hstspreload.appspot.com/, but it seems one of my websites only preloads in Google Chrome, not in IE, Firefox, Edge, Tor.
Again, I did some research on Public Key Spinning & it seems I have to add the Pin (SS Cert's One) in Apache Config. However, each SSL is assigned a unique PIN. I'm using cPanel, how can I add so many PINs in my Apache Config? Interesting fact is, if I add the PIN of any certificate in the SSL chain, it works! Then, is there any way to get all the CA's Root Certificates PIN?
Reference: https://www.ssllabs.com/ssltest/analyze.html?d=rcpcbd.com
Thanks!
Comments
@Raymii Can you shed some light on this topic?
When did your submission get added to the list? It won't be propagated until each browser pushes the next update of their own lists.
So, from that website (https://hstspreload.appspot.com/) the browsers get the information & then update their list? I thought there might be some technical problem on my side, that's why it's not been loaded! Thanks for clearing up the point.
Public Key Pinning please (HPKP). Actually the site says it can take weeks to get listed everywhere. So all you can do is wait.
That's HSTS Preloading. What about HPKP? What's the rule to PIN the certs?
HPKP (HTTP Public Key Pinning) has no list. It has no relation to HSTS. HSTS tells the client to always use an HTTPS connection on all domains (including subdomains) of domain.com. HPKP does not contribute anything to this HSTS list.
HPKP is used to prevent MITM attacks with different SSL certificates. The HPKP header includes the SHA256 hash values of all used certificates and sends these to the client. Now, if the certificate hash changes because of a MITM attack with a different certificate for the same domain, your browser will not open the site because the hash values it received via HPKP do not match, and you will get a security warning about possible tampering of your connection to domain.com.
https://developer.mozilla.org/en/docs/Web/Security/Public_Key_Pinning
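As an added example (not code from any poster in this thread), the pin check discussed above can be sketched in Python: a `Public-Key-Pins` header is parsed and a served chain is accepted when any one of its keys matches a pin, which is why pinning any certificate in the chain works. The function names are hypothetical and the key bytes are constructed placeholders; real pins are the base64 SHA-256 of each certificate's DER-encoded SubjectPublicKeyInfo (RFC 7469).

```python
import base64
import hashlib

def spki_pin(spki_der: bytes) -> str:
    """pin-sha256 value: base64 of SHA-256 over the DER SubjectPublicKeyInfo."""
    return base64.b64encode(hashlib.sha256(spki_der).digest()).decode()

def parse_hpkp(header: str) -> dict:
    """Split a Public-Key-Pins header value into its directives."""
    policy = {"pins": set(), "max_age": None, "include_subdomains": False}
    for directive in header.split(";"):
        # partition on the first "=" so base64 padding stays in the value
        name, _, value = directive.strip().partition("=")
        name, value = name.strip().lower(), value.strip().strip('"')
        if name == "pin-sha256":
            policy["pins"].add(value)
        elif name == "max-age" and value.isdigit():
            policy["max_age"] = int(value)
        elif name == "includesubdomains":
            policy["include_subdomains"] = True
    return policy

def chain_satisfies(policy: dict, chain_spkis: list) -> bool:
    """True if at least one key in the served chain matches a pin."""
    return bool(policy["pins"] & {spki_pin(s) for s in chain_spkis})

def has_backup_pin(policy: dict, chain_spkis: list) -> bool:
    """True if some pin is NOT in the current chain (RFC 7469 requires one)."""
    return bool(policy["pins"] - {spki_pin(s) for s in chain_spkis})

# Constructed placeholder key bytes, standing in for real DER SPKI structures.
LEAF_SPKI = b"constructed-leaf-spki"
INTERMEDIATE_SPKI = b"constructed-intermediate-spki"
ROOT_SPKI = b"constructed-root-spki"
BACKUP_SPKI = b"constructed-offline-backup-spki"
OTHER_CHAIN = [b"constructed-other-leaf", b"constructed-other-ca"]

# Pin the intermediate plus an offline backup key; the leaf itself is not pinned.
HEADER = (
    f'pin-sha256="{spki_pin(INTERMEDIATE_SPKI)}"; '
    f'pin-sha256="{spki_pin(BACKUP_SPKI)}"; '
    "max-age=5184000; includeSubDomains"
)
SERVED_CHAIN = [LEAF_SPKI, INTERMEDIATE_SPKI, ROOT_SPKI]

if __name__ == "__main__":
    policy = parse_hpkp(HEADER)
    print("served chain accepted:", chain_satisfies(policy, SERVED_CHAIN))
    print("other chain accepted:", chain_satisfies(policy, OTHER_CHAIN))
    print("backup pin present:", has_backup_pin(policy, SERVED_CHAIN))
```

Pinning a CA key higher in the chain keeps the policy valid across leaf renewals from that CA, while the backup pin is what allows recovery if the pinned key has to be replaced.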