AnsweredAssumed Answered

Strict Transport Security (HSTS) = Unknown after switching to SSL wildcard certificate

Question asked by George L on Oct 24, 2014
Latest reply on Oct 25, 2014 by George L

I just updated my SSL certificate for my site sslspdy.com

 

from

 

Comodo Essential SSL ECC 256 bit ECDSA (with Nginx + OpenSSL 1.0.2 beta4 + chacha20_poly1305 ciphers)

 

to

 

GGSSL (Comodo) Wildcard SSL ECC 256 bit ECDSA certificate (with Nginx + OpenSSL 1.0.2 beta4 + chacha20_poly1305 ciphers)

 

This is on my Nginx 1.7.6 web server and then updated HSTS to the following to add includeSubdomains for SSL wildcard

 

add_header Strict-Transport-Security "max-age=31536000; includeSubdomains";

 

but it seems now ssllabs test reports as Strict Transport Security (HSTS) = Unknown ?

 

I don't have problems with other exact same HSTS headers for my other GGSSL Wildcard SSL certificate domains which use RSA 2048 bit certificates.

 

But sslspdy.com does differ in that it's using ECC 256 bit ECDSA SSL certificate, so not sure if it's an ssllab thing ? But it was fine using Comodo Essential with ECC 256 bit ECDSA with ssllabs reporting HSTS support? See screenshot at sslspdy.com

 

Nginx configuration:

 

nginx -V

nginx version: nginx/1.7.6

TLS SNI support enabled

configure arguments: --with-cc-opt='-I/svr-setup/staticlibssl/include -I/usr/include' --with-ld-opt='-L/svr-setup/staticlibssl/lib -Wl,-rpath -lssl -lcrypto -ldl -lz' --sbin-path=/usr/local/sbin/nginx --conf-path=/usr/local/nginx/conf/nginx.conf --with-ipv6 --with-http_ssl_module --with-http_gzip_static_module --with-http_stub_status_module --with-http_sub_module --with-http_addition_module --with-http_image_filter_module --with-http_secure_link_module --with-http_flv_module --with-http_realip_module --with-openssl-opt=enable-tlsext --add-module=../ngx-fancyindex-ngx-fancyindex --add-module=../ngx_cache_purge-2.1 --add-module=../headers-more-nginx-module-0.25 --add-module=../nginx-accesskey-2.0.3 --add-module=../nginx-http-concat-master --with-http_dav_module --add-module=../nginx-dav-ext-module-0.0.3 --add-module=../openresty-memc-nginx-module-1518da4 --add-module=../openresty-srcache-nginx-module-ffa9ab7 --add-module=../nginx-sticky-module-1.2.5 --add-module=../nginx_upstream_check_module-0.1.9 --with-openssl=../openssl-1.0.2-chacha --with-libatomic --with-pcre=../pcre-8.35 --with-pcre-jit --with-http_spdy_module --add-module=../ngx_pagespeed-release-1.9.32.1-beta

Outcomes