URL access fails with SSL interceptions when the site uses HTTP Strict Transport Security (HSTS)


Article ID: 168564


Updated On:


ProxySG Software - SGOS


Access to URLs such as Gmail or Facebook fails with SSL interceptions if the site uses HTTP Strict Transport Security (HSTS) and the web browser does not trust the ProxySG appliance certificate.



Without HSTS, when a user access a HTTPS URL and the certificate presented by the server (perhaps with server certificate issued by the appliance due to SSL interception) should be trusted by the browser, the browser presents an option to add the certificate as an exception. The user can then access the URL.

With HSTS,
 the browser must trust the certificate for the user to access the URL.


To have the browser trust the appliance certificate, review the following KB articles.