This article applies to version 6.
This article describes how to configure an HTTPS Strict Transport Security (HSTS) response header for your Code42 environment. Once a browser receives an HSTS header, the browser prevents communications over HTTP to the specified domain and instead sends communications over HTTPS. Restricting access to your Code42 environment to HTTPS makes your Code42 environment more secure.
Server security requires a CA-signed certificate and the TLS protocol
Reliable security of any production web server requires an SSL certificate signed by a trusted certificate authority (CA) and enforced use of the TLS protocol (that is, HTTPS, not HTTP).
Your on-premises Code42 authority server is no exception. A Code42 server that is configured to use a signed certificate, strict TLS validation, and strict security headers protects server communications with browsers, your Code42 apps, and other servers.
- By default, your authority server uses a self-signed certificate and TLS. That provides for encrypting client-server traffic.
- Adding a CA-signed certificate provides further security by confirming your server's identity to clients. It prevents attackers from acquiring client data through counterfeit servers and encryption keys.
- Never reconfigure a production server to use HTTP, rather than TLS and HTTPS.
- Configuring Code42 servers and apps to use strict TLS validation further ensures the security of client-server connections.
- Configuring Code42 servers to use an HTTPS Strict Transport Security (HSTS) response header further prevents unencrypted browser access to administration consoles.
- This article applies to on-premises authority servers only on version 6.5 or later.
- The HTTPS enforcement period is set to one year (31536000 seconds) by default. Set it to a shorter time if you plan to downgrade to HTTP access in the future. For example, to set the period to 90 days, set the maximum value of the c42.strictTransportSecurityHeader property to 7776000 seconds.
- Before configuring the response header, you must first change security settings to require SSL to access the console and update the server settings to use HTTPS for the website protocol.
Configure the response header
- Double-click the logo in the upper-left corner of the administration console.
The command-line interface appears in the administration console.
- Enter the following
prop.setcommand at the top of the command-line interface to configure the response header for your Code42 domain:
prop.set c42.strictTransportSecurityHeader.value max-value=<value in seconds> save all
For example, to set the enforcement period to 90 days (7776000 seconds), enter the following:
prop.set c42.strictTransportSecurityHeader.value max-value=7776000 save all
Setting a new value with a
prop.setcommand overwrites any existing value.
- (Optional) To apply the setting to all subdomains, add the includeSubDomains argument, for example:
prop.set c42.strictTransportSecurityHeader.value max-value=7776000;includeSubDomains save all
- To verify the new setting in your Code42 environment, enter the following command: