How to update expired ssl certificate on server with key-pinning (hpkp)

Question

On server with nginx web server was setup ssl section with key-pinning:

add_header Public-Key-Pins 'pin-sha256="some-key"; pin-sha256="second-key"; max-age=5184000;' always;

now certificate is expired and was reissued, I generate a new base64 string for the new certificate, nginx -t shows that config file syntax is correct, but when I visit the site I see the error - MOZILLA_PKIX_ERROR_KEY_PINNING_FAILURE

So I want to ask - is there any way to renew certificate on server with key-pinning without downtime for users?

Clearing user data in browser is not acceptable.

Answer 1

You've several options:

1. Reissue the new certificate from the same key. Best practice would be to start with a new key rather than reuse so arguably HPKP (supposedly good for security) encourages bad security practices.

2. Have a backup key/csr/certificate. Best practice would be generate when needed, so there is no chance of leaking the key as otherwise it needs to be stored securely, so arguably HPKP (supposedly good for security) encourages bad security practices. In fact HPKP is only recognised by the browser if you include a pin for another key as a safety feature which encourages this option.

3. Generate your csr or cert in advance *l(at least max-age in advance) and update your HPKP header to include the new cert pins for the max-age time, then switch certs, and then finally remove old cert from HPKP header. Of course if key is compromised and you need to switch quickly then this is not an option so arguably HPKP (supposedly good for security) encourages bad security practices.

4. Include the intermeadiate/root certificate in your HPKP policy. Hope that your CA never, ever changes intermediates or roots, or goes out of business, or that you want to switch CA. If any of these happen then you are goosed.

5. Forget about it and brick your site for a large proportion of users for the duration of your site when you need to reissue your certificate. Security is great for this option, but usefulness is significantly lower.

My comments here are some of the many reasons why HPKP is being removed from browsers - it was in impractical idea, that was overkill for most sites when you looked at the extra security it brought versus the risks it added (as I blogged about here).