Configuring HTTPS

MetaDefender Storage Security can be configured to support HTTPS communication when accessing the Web UI and REST API.

Enable HTTPS on Windows-based deployments

For enabling HTTPS communication please follow these steps:

  1. Obtain the certificate and the private key as two separate files (for example, crt.pem & key.pem )

  2. Rename the private key file in the form of <name>.key such that the extension of the file is .key

  3. Place the certificates in config\nginx\certificates folder inside the installation directory (by default, in C:\Program Files\OPSWAT\MetaDefender Storage Security\config\nginx\certificates)

  4. Navigate to the docker folder (by default, in C:\Program Files\OPSWAT\MetaDefender Storage Security\scripts)

  5. Open a PowerShell command prompt and run the following command

PS> .\mdss.ps1 -u enable_https
  1. Verify that HTTPS is configured correctly by navigating with your browser.

Disable HTTPS on Windows-based deployments

For disabling HTTPS communication please follow these steps:

  1. Navigate to the docker folder (by default, in C:\Program Files\OPSWAT\MetaDefender Storage Security\scripts)

  2. Run the following command in PowerShell:

PS> .\mdss.ps1 -u disable_https
Warning

Certificate Handling When Disabling HTTPS

Disabling HTTPS on Windows will also "disable" the certificates found in config/nginx/certificates by renaming them to: ssl_key_disabled and ssl_crt_disabled .

If you plan to re-enable HTTPS using the same certificates, you must manually rename them back to ssl.key and ssl.crt.

Enable HTTPS on Unix-based deployments

For enabling HTTPS communication please follow these steps:

  1. Obtain the certificate and the private key as two separate files (for example, crt.pem & key.pem )

  2. Rename the private key file in the form of <name>.key such that the extension of the file is .key

  3. Place your certificates in /etc/mdss/webclient/

  4. Run the enable_https utility by executing the following command:

sudo mdss -u enable_https
  1. Verify that HTTPS is configured correctly by navigating with your browser.

Disable HTTPS on Unix-based deployments

For disabling HTTPS communication, run the following command:

sudo mdss -u disable_https