Reset Search
 

 

Article

HOW TO Enable HSTS Strict-Transport-Security Tagging Support on Extreme Management Center

« Go Back

Information

 
TitleHOW TO Enable HSTS Strict-Transport-Security Tagging Support on Extreme Management Center
Objective
  • Enable HSTS (HTTP Strict Transport Security) on existing Extreme Management Center deployments per  RFC 6797.
Environment
  • Extreme Management Center (XMC, formerly NetSight)
  • HSTS (HTTP Strict Transport Security)
  • All 8.2.x Or Above Software Releases
Procedure
WARNING: Serious problems might occur if you incorrectly modify the system files described below using vi or by using another method. Please ensure the file(s) to be modified are backed up prior to any change. Modify files at your own risk.

WARNING: The Extreme Management Center server MUST be configured to use a third party publicly or privately trusted certificate with the browser or Operating System (OS) keystore already configured with the appropriate Certificate Authority (CA) chain. You SHOULD NOT enable HSTS support if using the Extreme Management Center default untrusted self-signed certificate.

To enable HSTS with the condition(s) above met:
  1. cd /usr/local/Extreme_Networks/NetSight/wildfly/standalone/configuration/
  2. cp emc.xml emc.xml.original
  3. vi emc.xml
Under "<filter-ref name="server-version"/>" add...
     <filter-ref name="strict-transport-security"/>

Under "<response-header name="server-version" header-name="Server-Version" header-value="8.2.4"/>" add...
     <response-header name="strict-transport-security" header-name="Strict-Transport-Security" header-value="max-age=31536000; includeSubDomains"/>
  1. Save and restart XMC using "service nsserver restart".
Additional notes
Additional information regarding HSTS is available in RFC 6797.

NOTE: This procedure to enable HSTS support is only applicable to Extreme Management Center servers only. Extreme has no plans to enable HSTS support on Extreme Control, Extreme Analytics, Extreme Fabric Manager or Extreme Guest & IoT Manager companion appliances similarly hosting secure web services.

Feedback

 

Was this article helpful?


   

Feedback

Please tell us how we can make this article more useful.

Characters Remaining: 255