How to enable HTTP Strict-Transport-Security with the Access Gateway

  • 7016422
  • 15-Apr-2015
  • 15-Apr-2015

Environment

NetIQ Access Manager 3.2
NetIQ Access Manager 4.0
NetIQ Access Manager 4.1

Situation

A customer has been using NAM for quite some time and is trying to get an A+ SSL Labs rating on their environment. Apparently all they are missing at this moment is support for HTTP Strict Transport Security (HSTS). How does one go about enabling support for this in NAM?

Resolution

We can do this with the Access Gateway in 4.0 based on https://www.owasp.org/index.php/HTTP_Strict_Transport_Security. The following steps must be completed:

a) Modify httpd.conf and comment out the mod_headers library.

b) Add the following to the httpd.conf file:

Header always set Strict-Transport-Security "max-age=31536000; includeSubDomains"


After doing this, SSL Labs reported an A+ rating against our NAM devices.
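
To confirm locally that the gateway is sending the header with the intended values before re-running an external scan, the response headers can be checked as below. This is an added example, not part of the original article or of NetIQ tooling; the function name check_hsts, the sample response and the hostname in the comment are assumptions.

```shell
#!/bin/sh
# Added example: check the Strict-Transport-Security value in a raw HTTP
# response header block read from stdin, e.g.
#   curl -sI https://www.example.com/ | check_hsts   (placeholder hostname)
MIN_MAX_AGE=31536000   # one year, the max-age used in the Header directive above

check_hsts() {
    tr -d '\r' | awk -v min="$MIN_MAX_AGE" '
        # RFC 6797: field name is case-insensitive; only the first STS field counts.
        tolower($0) ~ /^strict-transport-security[ \t]*:/ {
            found = 1
            sub(/^[^:]*:[ \t]*/, "")
            n = split($0, parts, ";")
            for (i = 1; i <= n; i++) {
                d = parts[i]
                gsub(/^[ \t]+|[ \t]+$/, "", d)
                key = tolower(d)
                sub(/[ \t]*=.*$/, "", key)
                if (key == "max-age") {
                    age = d
                    sub(/^[^=]*=[ \t]*/, "", age)
                    gsub(/"/, "", age)          # value may be a quoted-string
                } else if (key == "includesubdomains") {
                    subdomains = 1
                }
            }
            exit                                 # stop reading, jump to END
        }
        END {
            if (!found)            { print "FAIL: header missing"; exit 1 }
            if (age !~ /^[0-9]+$/) { print "FAIL: max-age missing or invalid"; exit 1 }
            if (age + 0 < min)     { print "FAIL: max-age=" age " is below " min; exit 1 }
            if (!subdomains)       { print "FAIL: includeSubDomains missing"; exit 1 }
            print "OK: max-age=" age " includeSubDomains"
        }'
}

# Constructed sample response, as a gateway with the directive applied would send it.
SAMPLE='HTTP/1.1 200 OK
Server: Apache
Strict-Transport-Security: max-age=31536000; includeSubDomains
Content-Type: text/html'

printf '%s\n' "$SAMPLE" | check_hsts
```

If the check reports the header as missing, confirm that Apache has mod_headers loaded, since that module provides the `Header` directive.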