HTTP Strict Transport Security (HSTS) with App Control Server
search cancel

HTTP Strict Transport Security (HSTS) with App Control Server

book

Article ID: 287168

calendar_today

Updated On:

Products

Carbon Black App Control (formerly Cb Protection)

Issue/Introduction

Can HTTP Strict Transport Security be enabled on the App Control server?

Environment

  • App Control Server: All Supported Versions

Resolution

HTTP Strict Transport Security can be configured on the App Control server, however it is not a requirement per OER

To enable HSTS for the App Control web site:

  1. Log in to the application server as the Carbon Black Service Account.
  2. Open IIS Manager.
    1. Expand: ServerName > Sites > choose Parity Console Web
    2. From the right-hand menu > Manage Website > Configure > HSTS...
    3. Verify Enabled is checked
  3. From an administrative command prompt issue the command:
    iisreset
  4. Restart the Carbon Black App Control Server and Carbon Black App Control Reporter services.
  5. Log in to the Console and verify Agents are beginning to reconnect.

Additional Information

HTTP Strict Transport Security is an IIS configuration and not related to do the App Control settings.