Enable HTTP Strict Transport Security (HSTS) in Identity Management servers

Solution Verified - Updated -

Issue

  • Security scanning discovers that ports 80, 443, 8080 and 8443 are active and respond to HTTP(S) requests.
  • The security team requests that the Strict-Transport-Security HTTP header be enabled in all running HTTP services.

Environment

  • Red Hat Enterprise Linux (RHEL) 7
  • Red Hat Enterprise Linux (RHEL) 8
  • Red Hat Identity Management (IdM) / FreeIPA
    • httpd
    • pki-tomcat
