How to Resolve SSL/TLS Errors with MetaDefender Core Webhook Callbacks?
Issue:
When the webhook callback functionality is invoked, it may fail due to SSL/TLS errors. The core.log file will contain an error similar to the following:
(core.webhook) SSL/TLS failed, issue='The issuer certificate of a locally looked up certificate could not be found, No certificates could be verified'
Resolution:
Windows
Obtain the webhook server's SSL certificate chain (root CA, intermediate CA, and server certificate).
Open the Microsoft Management Console (mmc.exe).
Add the Certificates snap-in for the local computer.
Navigate to Trusted Root Certification Authorities > Certificates.
Import the root, intermediate, and server certificates into the Trusted Root Certification Authorities store.
Restart the OPSWAT MetaDefender Core service:
- OPSWAT MetaDefender Core
After the service restarts, the trusted root certificates are exported to a certificate file in the data folder of the MetaDefender Core installation (by default C:\Program Files\OPSWAT\MetaDefender Core\data).
Linux
By default, MetaDefender Core loads root CAs from the following locations:
/etc/ssl/certs/
/usr/share/ssl/
/etc/pki/ca-trust/extracted/pem/tls-ca-bundle.pem
Steps to import the certificates:
Debian/Ubuntu
sudo cp -f <cert_file> /usr/local/share/ca-certificates/
sudo update-ca-certificates
sudo systemctl restart ometascan
CentOS/RHEL
sudo cp -f <cert_file> /etc/pki/ca-trust/source/anchors/
sudo update-ca-trust enable
sudo update-ca-trust extract
sudo systemctl restart ometascan
Steps to Reproduce:
Trigger a webhook callback to confirm that the SSL/TLS error occurs. Check the core.log for the SSL/TLS error.
Prevention:
Ensure the webhook server’s SSL certificate chain is trusted by the operating system by installing the intermediate or root certificate authorities in the local certificate store.
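The following script is an added example, not OPSWAT code. It reproduces the missing-issuer condition behind the log message above with a constructed root > intermediate > server chain, then shows the check passing once the trust bundle holds the full CA chain. It assumes the openssl command-line tool is installed; the function names and certificate names (demo-root, demo-intermediate, demo-webhook-server) are made up for the demo.

```shell
#!/bin/sh
# Added example: constructed root -> intermediate -> server chain, checked with
# openssl verify. All certificate names below are made up for the demo.

# new_cert NAME EXTFILE SIGN_ARGS...: create NAME.key and NAME.pem.
new_cert() {
    name=$1 ext=$2; shift 2
    openssl req -new -newkey rsa:2048 -nodes -subj "/CN=$name" \
        -keyout "$name.key" -out "$name.csr" 2>/dev/null &&
    openssl x509 -req -in "$name.csr" -days 2 -extfile "$ext" "$@" \
        -out "$name.pem" 2>/dev/null
}

# chain_ok BUNDLE CERT: true if CERT chains to a CA certificate in BUNDLE.
# The demo CAs are not in the system store, so only BUNDLE can satisfy this.
chain_ok() {
    openssl verify -CAfile "$1" "$2" >/dev/null 2>&1
}

# demo: print "<root only> <root + intermediate>" as pass/fail.
demo() {
    tmp=$(mktemp -d) || return 1
    (
        cd "$tmp" || exit 1
        printf 'basicConstraints=critical,CA:TRUE\nkeyUsage=critical,keyCertSign\n' > ca.ext
        printf 'basicConstraints=CA:FALSE\n' > leaf.ext
        new_cert demo-root ca.ext -signkey demo-root.key || exit 1
        new_cert demo-intermediate ca.ext -CA demo-root.pem \
            -CAkey demo-root.key -CAcreateserial || exit 1
        new_cert demo-webhook-server leaf.ext -CA demo-intermediate.pem \
            -CAkey demo-intermediate.key -CAcreateserial || exit 1
        # Trust store holding only the root: the server's issuer is missing.
        chain_ok demo-root.pem demo-webhook-server.pem && r1=pass || r1=fail
        # Trust store holding root and intermediate: the chain is complete.
        cat demo-root.pem demo-intermediate.pem > bundle.pem
        chain_ok bundle.pem demo-webhook-server.pem && r2=pass || r2=fail
        echo "$r1 $r2"
    )
    rc=$?
    rm -rf "$tmp"
    return "$rc"
}

demo   # prints: fail pass
```

On Debian/Ubuntu, update-ca-certificates only picks up PEM files named *.crt, so running chain_ok against /etc/ssl/certs/ca-certificates.crt with the real server certificate after the import confirms the CA was actually added before the service is restarted.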