Configuring HTTPS
MetaDefender Storage Security can be configured to support HTTPS communication when accessing the Web UI and REST API.
Enable HTTPS on Windows-based deployments
In order to setup HTTPS communication please follow these steps:
- Obtain the certificate and the private key as two separate files (for example, crt.pem & key.pem )
- Rename the private key file in the form of <name>.key such that the extension of the file is .key
- Place the certificates in config\nginx\certificates folder inside the installation directory (by default, in C:\Program Files\OPSWAT\MetaDefender Storage Security\config\nginx\certificates)
- Navigate to the docker folder (by default, in C:\Program Files\OPSWAT\MetaDefender Storage Security\scripts)
- Open a PowerShell command prompt and run the following command
- Verify that HTTPS is configured correctly by navigating with your browser.
Disable HTTPS on Windows-based deployments
For disabling HTTPS communication please follow these steps:
- Navigate to the docker folder (by default, in C:\Program Files\OPSWAT\MetaDefender Storage Security\scripts)
- Run the following command in PowerShell:
PS> .\mdss.ps1 -u disable_https
Certificate Handling When Disabling HTTPS
Disabling HTTPS on Windows will also "disable" the certificates found in config/nginx/certificates
by renaming them to: ssl_key_disabled
and ssl_crt_disabled
.
If you plan to re-enable HTTPS using the same certificates, you must manually rename them back to ssl.key
and ssl.crt
.
Enable HTTPS on Unix-based deployments
In order to setup HTTPS communication please follow these steps:
- Obtain the certificate and the private key as two separate files (for example, crt.pem & key.pem )
- Rename the private key file in the form of <name>.key such that the extension of the file is .key
- Place your certificates in /etc/mdss/webclient/
- Run the enable_https utility by executing the following command:
- Verify that HTTPS is configured correctly by navigating with your browser.
Disable HTTPS on Unix-based deployments
For disabling HTTPS communication, run the following command:
sudo mdss -u disable_https
Enabling HTTPS from UI
Enabling HTTPS from the UI is now available for non Kubernetes deployments. On the Settings page, under the Security tab, you can enable HTTPS directly from the UI by entering the certificate file and the key file. The certificate must be a .crt
file while the key must be a .key
file.
After configuring HTTPS from UI, for the configuration to apply, restarting MDSS manually is required using the mdss
command on Linux or the mdss.ps1
script on Windows.
