How to disable HSTS - HTTP Strict Transport Security
This document (000021921) is provided subject to the disclaimer at the end of this document.
Environment
SUSE Multi Linux Manager 5.x
Situation
When HSTS is enabled while using the default SSL certificate generated by SUSE Manager or a self-signed certificate, browsers will refuse to connect over HTTPS unless the CA used to sign such certificates is trusted by the browser.
Resolution
Create a custom file:
vim /etc/apache2/conf.d/zz-spacewalk-www-custom.conf
Add the line below to the file:
Header always set Strict-Transport-Security "max-age=0; includeSubDomains"
Restart the apache2 service:
systemctl restart apache2
Verify from a client or a web browser by accessing the SMLM URL to check whether HSTS is disabled:
curl -v https://<SMLM FQDN>
If Enabled:
* TLSv1.3 (IN), TLS handshake, Newsession Ticket (4):
* TLSv1.3 (IN), TLS handshake, Newsession Ticket (4):
* old SSL session ID is stale, removing
< HTTP/1.1 200 200
< Date: Fri, 18 Jul 2025 12:55:25 GMT
< Server: Apache
< X-Frame-Options: SAMEORIGIN
< Strict-Transport-Security: max-age=63072000; includeSubDomains
If Disabled:
* TLSv1.3 (IN), TLS handshake, Newsession Ticket (4):
* TLSv1.3 (IN), TLS handshake, Newsession Ticket (4):
* old SSL session ID is stale, removing
< HTTP/1.1 200 200
< Date: Fri, 18 Jul 2025 12:54:46 GMT
< Server: Apache
< X-Frame-Options: SAMEORIGIN
< Content-Type: text/html;charset=UTF-8
< Vary: Accept-Encoding
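A scripted version of the verification step above, as an added example that is not part of the original SUSE document: the hypothetical helper hsts_state reads response headers on stdin and reports whether HSTS is enabled, explicitly cleared with max-age=0 (which tells a browser to drop its stored policy), or absent. The first two sample header blocks are constructed from the curl output shown above; the max-age=0 sample is constructed.

```shell
#!/bin/sh
# Added example (not from the SUSE article). hsts_state is a hypothetical
# helper: it reads HTTP response headers on stdin and prints one of
#   enabled:<seconds>  header present with max-age > 0
#   cleared            header present with max-age=0 (browser drops its policy)
#   absent             no Strict-Transport-Security header
#   malformed          header present without a numeric max-age
# Live use: curl -sI https://<SMLM FQDN> | hsts_state
hsts_state() {
    tr -d '\r' | sed 's/^< //' | awk '
        # Header names are case-insensitive; only the first one is processed.
        !seen && tolower($0) ~ /^strict-transport-security:/ {
            seen = 1
            sub(/^[^:]*:/, "")              # keep only the header value
            n = split($0, d, ";")           # directives are separated by ";"
            for (i = 1; i <= n; i++) {
                gsub(/[ \t"]/, "", d[i])    # drop whitespace and quotes
                if (tolower(d[i]) ~ /^max-age=[0-9]+$/) age = substr(d[i], 9)
            }
        }
        END {
            if (!seen)              print "absent"
            else if (age == "")     print "malformed"
            else if (age + 0 == 0)  print "cleared"
            else                    print "enabled:" age
        }'
}

# Constructed samples: the first two reuse header lines from the article.
SAMPLE_ENABLED='< HTTP/1.1 200 200
< Server: Apache
< X-Frame-Options: SAMEORIGIN
< Strict-Transport-Security: max-age=63072000; includeSubDomains'

SAMPLE_DISABLED='< HTTP/1.1 200 200
< Server: Apache
< X-Frame-Options: SAMEORIGIN
< Content-Type: text/html;charset=UTF-8'

# Constructed: the header as the custom Apache line would emit it.
SAMPLE_CLEARED='HTTP/1.1 200 200
strict-transport-security: max-age=0; includeSubDomains'

for sample in "$SAMPLE_ENABLED" "$SAMPLE_DISABLED" "$SAMPLE_CLEARED"; do
    printf '%s\n' "$sample" | hsts_state
done
```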
Cause
The CA used to sign the self-signed certificates is not trusted by the browser, so the browser refuses to connect to the server.
Status
Disclaimer
This Support Knowledgebase provides a valuable tool for SUSE customers and parties interested in our products and solutions to acquire information, ideas and learn from one another. Materials are provided for informational, personal or non-commercial use within your organization and are presented "AS IS" WITHOUT WARRANTY OF ANY KIND.
- Document ID: 000021921
- Creation Date: 18-Jul-2025
- Modified Date: 28-Jul-2025
- SUSE Manager Server
For questions or concerns with the SUSE Knowledgebase please contact: tidfeedback[at]suse.com