2

I'm moving to a new server and looking for the best way to minimize downtime.

On my current server I'm using nginx, HTTPS only.

In my nginx config I have: Strict-Transport-Security "max-age=31536000"

The last time I moved servers, the HSTS setting caused problems for many users.

Anything I can do to remedy that?

user
  • Hi user2146316. Asking for off-site resources is off topic here, so I removed that part of your question. You may want to review https://serverfault.com/help/on-topic. – user Sep 30 '16 at 11:32

1 Answer

2

HSTS doesn't have anything to do with the specific host that the content is being served from, or where the SSL termination is being done.

HSTS by itself also doesn't say anything about certificate pinning or similar, so as long as you are using only HTTPS with HSTS, which specific certificate you are serving is largely immaterial.

What you should do is to simply ensure that both servers serve valid certificates with a proper trust chain and have otherwise correct HTTPS configurations.

You can edit your hosts file or similar in order to test this using contemporary web browsers before going live, or you can use more specialized tools like OpenSSL's -connect option to verify which certificate is being served.

user
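The pre-cutover test the answer describes, as an added example that is not part of the original answer: it checks the new server by IP while DNS still points at the old one. The function names, `www.example.com` and `203.0.113.10` are placeholders, and an OpenSSL build whose `s_client` supports `-verify_hostname` is assumed.

```bash
# Added example: pre-cutover checks against the NEW server, addressed by IP.
# Host name and IP in the usage line are placeholders.

# Succeeds only if the server at IP $2 presents a certificate that chains to
# a trusted root AND matches host name $1 (sent as SNI). A browser holding an
# HSTS entry for the host offers no click-through on certificate errors, so
# this must pass before DNS is switched.
check_tls() {
  local host=$1 ip=$2
  openssl s_client -connect "$ip:443" -servername "$host" \
    -verify_hostname "$host" -verify_return_error \
    </dev/null >/dev/null 2>&1
}

# Reads a raw response header block on stdin and prints the HSTS max-age.
# Returns non-zero if there is no Strict-Transport-Security max-age.
hsts_max_age() {
  local v
  v=$(tr -d '\r' | tr '[:upper:]' '[:lower:]' |
      grep '^strict-transport-security:' | head -n 1 |
      sed -n 's/.*max-age=["]*\([0-9][0-9]*\).*/\1/p')
  [ -n "$v" ] && printf '%s\n' "$v"
}

# Runs both checks. curl --resolve pins host:443 to the new IP for this one
# request, which has the same effect as a temporary hosts-file entry.
check_new_server() {
  local host=$1 ip=$2 age
  check_tls "$host" "$ip" || {
    echo "FAIL: chain or host name did not verify on $ip"; return 1; }
  age=$(curl -sS -o /dev/null -D - --resolve "$host:443:$ip" \
          "https://$host/" | hsts_max_age) || {
    echo "FAIL: no Strict-Transport-Security header from $ip"; return 1; }
  echo "OK: valid chain for $host on $ip, HSTS max-age=$age"
}

# Usage: check_new_server www.example.com 203.0.113.10
```

Run it against both the old and the new IP; the two should report the same result before the DNS record is changed.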