Author Topic: CWPanel access not compatible with Strict-Transport-Security  (Read 491 times)

0 Members and 1 Guest are viewing this topic.

Offline
****
CWPanel access not compatible with Strict-Transport-Security
« on: January 27, 2018, 01:18:12 PM »
After having deployed own TLS certificate and enabled Strict-Transport-Security on the domain a login to CWPanel is no longer possible as the CWP server is sticking with its own certificate which in turn and logically breaks Strict-Transport-Security. In such scenario the web browser prevents a certificate exception.

Pointing the CWP server manually to the own certificate may break CWP internal processes (e.g. my crypt) which are unknow to the user.

It is rather cumbersome to turn Strict-Transport-Security off and on again for accessing the CWPanel.

CWP should provide an option in the settings to utilize the user's own certificate and automatically rerwite internal path/routines accordingly.

Offline
****
Re: CWPanel access not compatible with Strict-Transport-Security
« Reply #1 on: February 06, 2018, 10:49:37 AM »
what sort of additional/more information are you seeking?