Configuring HTTPS

MetaDefender Storage Security can be configured to support HTTPS communication when accessing the Web UI and REST API.

Enable HTTPS on Windows-based deployments

In order to setup HTTPS communication please follow these steps:

  1. Obtain the certificate and the private key as two separate files (for example, crt.pem & key.pem )
  2. Rename the private key file in the form of <name>.key such that the extension of the file is .key
  3. Place the certificates in config\nginx\certificates folder inside the installation directory (by default, in C:\Program Files\OPSWAT\MetaDefender Storage Security\config\nginx\certificates)
  4. Navigate to the docker folder (by default, in C:\Program Files\OPSWAT\MetaDefender Storage Security\scripts)
  5. Open a PowerShell command prompt and run the following command
Copy
  1. Verify that HTTPS is configured correctly by navigating with your browser.

Disable HTTPS on Windows-based deployments

For disabling HTTPS communication please follow these steps:

  1. Navigate to the docker folder (by default, in C:\Program Files\OPSWAT\MetaDefender Storage Security\scripts)
  2. Run the following command in PowerShell:
Powershell
Copy

Certificate Handling When Disabling HTTPS

Disabling HTTPS on Windows will also "disable" the certificates found in config/nginx/certificates by renaming them to: ssl_key_disabled and ssl_crt_disabled .

If you plan to re-enable HTTPS using the same certificates, you must manually rename them back to ssl.key and ssl.crt.

Enable HTTPS on Unix-based deployments

In order to setup HTTPS communication please follow these steps:

  1. Obtain the certificate and the private key as two separate files (for example, crt.pem & key.pem )
  2. Rename the private key file in the form of <name>.key such that the extension of the file is .key
  3. Place your certificates in /etc/mdss/webclient/
  4. Run the enable_https utility by executing the following command:
Copy
  1. Verify that HTTPS is configured correctly by navigating with your browser.

Disable HTTPS on Unix-based deployments

For disabling HTTPS communication, run the following command:

Bash
Copy

Enabling HTTPS from UI

Enabling HTTPS from the UI is now available for non Kubernetes deployments. On the Settings page, under the Security tab, you can enable HTTPS directly from the UI by entering the certificate file and the key file. The certificate must be a .crt file while the key must be a .key file.

After configuring HTTPS from UI, for the configuration to apply, restarting MDSS manually is required using the mdss command on Linux or the mdss.ps1 script on Windows.

Type to search, ESC to discard
Type to search, ESC to discard
Type to search, ESC to discard