SSL Configurations

Starting from version 5.13.0, the ssl on directive is deprecated and can no longer be used for configuring SSL. Please utilize the Web UI console to configure HTTPS connections.

When upgrading from an older version to 5.13.0, MetaDefender Core will automatically migrate the SSL configuration to a new file named ssl.conf.mdcore to manage SSL settings. To configure SSL, please use this file but we recommend to use the Web UI console instead manually modify this file.

If the customer is already using ssl.conf for SSL configuration, there is no need to worry as it will be updated automatically during the upgrade.

Before upgrading, ensure that the file ssl.conf has permission set to 777. After the upgrade, remember to adjust the file permissions accordingly.

1.) Create a “ssl.conf.mdcore” (MetaDefender Core only accept this name) file

  • On Windows, under <Installation Directory>\nginx\
Copy
  • On Linux, under /etc/ometascan/nginx.d/
Copy

2.) A restart of the “OPSWAT Metadefender Core” service is required.

Advanced SSL configurations

1.) Explicitly allow specific TLS versions, optionally with preferred ciphers. For example:

Copy

2.) Use SSL private key and(or) certificate which is encrypted with a passphrase. Strongly recommended to put the passphrase file(s) into a secured vault where only MetaDefender Core can access.

A reference for typical practice: https://www.nginx.com/blog/protecting-ssl-private-keys-nginx-hashicorp-vault/

Copy

For more SSL-options please consult Nginx documentation.

Type to search, ESC to discard
Type to search, ESC to discard
Type to search, ESC to discard
Next to read:
Origin Client Source Identification
On This Page
SSL ConfigurationsAdvanced SSL configurations