Confirmed users
238
edits
SecurityEngineering/Public Key Pinning/SiteOperators: Difference between revisions
SecurityEngineering/Public Key Pinning/SiteOperators (view source)
Revision as of 20:54, 9 June 2014
, 9 June 2014→How can you test your pins?
| Line 12: | Line 12: | ||
== How can you test your pins? == | == How can you test your pins? == | ||
# Install Firefox 32 or later. | # Install desktop Firefox 32 or later. | ||
# Go to about:config and make sure that security.cert_pinning.enforcement_level = 1 (allow user-specified trust anchors to override pinning checks) or 2 (strict mode). There is an additional enforcement level, 3, for enforcing test pins if you'd like to enable that instead. Normally test pins are used only for counting pin violations, but not actually enforcing them. You will have to coordinate with the pinning team in order to verify which of your pins are in test mode, and which are in production mode. | # Go to about:config and make sure that security.cert_pinning.enforcement_level = 1 (allow user-specified trust anchors to override pinning checks) or 2 (strict mode). There is an additional enforcement level, 3, for enforcing test pins if you'd like to enable that instead. Normally test pins are used only for counting pin violations, but not actually enforcing them. You will have to coordinate with the pinning team in order to verify which of your pins are in test mode, and which are in production mode. | ||
# Visit https://pinningtest.appspot.com to make sure you see a warning. | # Visit https://pinningtest.appspot.com to make sure you see a warning. | ||
# Visit all your sites! | # Visit all your sites! | ||