Title
Create new category
Edit page index title
Edit category
Edit link
Configuring HTTPS
MetaDefender Software Supply-Chain can be configured to support HTTPS communication when accessing the Web UI and REST API.
Enable HTTPS on Unix-based deployments
For enabling HTTPS communication please follow these steps:
Obtain the certificate and the private key as two separate files (for example: crt.pem & key.pem )
Rename the private key file in the form of <name>.key such that the extension of the file is .key
Place your certificates in /etc/mdssc/webclient/
Run the enable_https utility by executing the following command:
Verify that HTTPS is configured correctly by navigating with your browser.
Disable HTTPS on Unix-based deployments
For disabling HTTPS communication, run the following command:
Custom CA certificates
Custom certificates can be loaded in each MDSSC container by placing them in the appropriate configuration directory depending on the host OS. If the directory does not exist, an empty one is created at startup. Any number of certificates can be placed in the directory and they will be loaded into MDSSC.
Configuring custom certificates on Linux
Certificates are loaded from the following path:
After you add them to the specified folder above, restart MDSSC with the following command:
Certificates should be in .crt format
The full SSL certificate chain should be loaded in MDSSC, especially if the certificate wasn't issued by a trusted CA
Root CAs and intermediate CAs can be loaded using the same procedure
Certificate validation for MetaDefender Software Supply Chain
This environment variable controls certificate validation for MetaDefender Software Supply Chain integration during HTTP(S) requests. It is useful when MetaDefender Software Supply Chain needs to accept a partially valid certificate chain or a self-signed certificate.
You will need to edit /etc/mdssc/customer.env file and add the following environment variable with one of the values explained below:
Possible values
Default → A MetaDefender Core server with invalid certificate can't be integrated
IgnoreChainErrors → A MetaDefender Core server with certificate chain errors can be integrated
IgnoreAllErrors → A MetaDefender Core server with invalid certificate can be integrated