SOI Vulnerability - HSTS Missing from HTTPS Server


Article ID: 203955


Updated On:


CA Service Operations Insight (SOI)


Please provide the steps/procedure to remediate the "HSTS Missing from HTTPS Server" vulnerability that a Nessus scan has detected on the following SOI components:

a. SOI Manager - Port 7493
b. SOI UI - Port 7403
c. HelpDesk connector - Port 8443


Release : 4.2

Component : Service Operations Insight (SOI) Manager


The finding results from an improper SSL configuration and is resolved by configuring SSL with the correct steps.


Please apply the latest 4.2 Monthly Update KIT found here:

Please use the correct steps/procedure below to configure SSL.

Please make the changes below for the SOI Manager and SOI UI components in the following files, then reboot the server:
  • C:\Program Files (x86)\CA\SOI\tomcat\conf\web.xml
  • C:\Program Files (x86)\CA\SOI\SamUI\conf\web.xml
If you see just the hostname under SOI UI -> Administration -> CA Service Operations Insight Manager Configuration, log in to https://hostname:port/sam, export the security certificate from that URL, and import it into the browser.

Please note the limitations below:

  • antiClickJackingEnabled is set to false
  • certificates need to be imported into the browsers
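
To confirm the remediation without waiting for the next Nessus scan, the check below parses the Strict-Transport-Security header and can query the three ports listed above. It is an added example, not part of the original article or of the SOI product; the host name `soi.example.internal` and the function names are assumptions.

```python
import re
import ssl
import urllib.error
import urllib.request

# Ports are the ones listed in this article; the host name used below is a placeholder.
SOI_PORTS = {"SOI Manager": 7493, "SOI UI": 7403, "HelpDesk connector": 8443}

def parse_hsts(value):
    """Parse a Strict-Transport-Security value (RFC 6797, section 6.1); return None
    when it is absent or invalid (repeated directive, missing/non-numeric max-age)."""
    directives = {}
    for part in filter(None, (p.strip() for p in (value or "").split(";"))):
        name, _, val = part.partition("=")
        name = name.strip().lower()
        if name in directives:
            return None  # a directive must not appear more than once
        directives[name] = val.strip().strip('"')
    if not re.fullmatch(r"\d+", directives.get("max-age", "")):
        return None
    directives["max-age"] = int(directives["max-age"])
    return directives

def hsts_status(value):
    """Classify a header value; max-age=0 makes browsers drop the policy."""
    parsed = parse_hsts(value)
    if parsed is None:
        return "missing-or-invalid"
    return "disabled" if parsed["max-age"] == 0 else "present"

def fetch_hsts(host, port, timeout=5):
    """Return the raw HSTS header served on https://host:port/, or None."""
    # Verification is off (assumption: SOI certificate not yet in the local trust store).
    ctx = ssl.create_default_context()
    ctx.check_hostname = False
    ctx.verify_mode = ssl.CERT_NONE
    req = urllib.request.Request(f"https://{host}:{port}/", method="HEAD")
    try:
        with urllib.request.urlopen(req, timeout=timeout, context=ctx) as resp:
            return resp.headers.get("Strict-Transport-Security")
    except urllib.error.HTTPError as err:  # 401/404 responses still carry headers
        return err.headers.get("Strict-Transport-Security")

if __name__ == "__main__":
    for name, port in SOI_PORTS.items():
        try:
            print(name, port, hsts_status(fetch_hsts("soi.example.internal", port)))
        except OSError as exc:
            print(name, port, "unreachable:", exc)
```

Browsers honour the header only on connections without certificate errors (RFC 6797, section 8.1), so the policy takes effect for users once the certificate has been imported into the browser.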