3.5. Configuring TLS

Central Management supports access to the Web UI and REST interface over HTTPS. This feature is not enabled by default. To enable it, modify the Central Management server configuration as follows:

First, create your certificate and key files in a convenient directory. The examples below use the paths /etc/mdcentralmgmt/nginx.d/your.crt and /etc/mdcentralmgmt/nginx.d/your.key on Linux, and C:/Program Files/OPSWAT/Metadefender Centralmgmt/nginx/your.crt and C:/Program Files/OPSWAT/Metadefender Centralmgmt/nginx/your.key on Windows.

On Linux

  1. Create the file ssl.conf in the directory /etc/mdcentralmgmt/nginx.d.

  2. Enter the SSL configuration in nginx syntax. To enable simple SSL, only the following lines are needed:

    ssl on;
    ssl_certificate /etc/mdcentralmgmt/nginx.d/your.crt;
    ssl_certificate_key /etc/mdcentralmgmt/nginx.d/your.key;

  3. A service restart is required for these changes to take effect.

On Windows

  1. Create the file ssl.conf in the directory <Installation Directory>/nginx.

  2. Enter the SSL configuration in nginx syntax. To enable simple TLS, only the following lines are needed:

    ssl on;
    ssl_certificate "C:/Program Files/OPSWAT/Metadefender Centralmgmt/nginx/your.crt";
    ssl_certificate_key "C:/Program Files/OPSWAT/Metadefender Centralmgmt/nginx/your.key";

  3. A service restart is required for these changes to take effect.

'\n' sequences in paths

Using the standard Windows path separator backslash '\' may give unexpected results if directory or file names start with 'n'. The reason is that the sequence '\n' is interpreted as a new line by nginx.

For example, the following directive

ssl_certificate "C:\Program Files\OPSWAT\Metadefender Centralmgmt\nginx\your.crt";

will be read by nginx as

ssl_certificate "C:\Program Files\OPSWAT\Metadefender Centralmgmt
ginx\your.crt";

As a workaround, instead of a single backslash '\' use:

  1. Forward slash '/' or

  2. Double backslash '\\'.
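
A pre-restart check for the pitfall above, as an added example that is not part of the original documentation or the product: it applies the backslash translations of nginx's configuration tokenizer to the ssl_certificate and ssl_certificate_key values in ssl.conf and reports any that would turn into control characters. It goes beyond the '\n' case described here by also covering '\t' and '\r', which nginx translates the same way; the function names and the sample configuration are constructed for illustration.

```python
import re

# Backslash pairs that nginx's config tokenizer rewrites inside a token:
# \n, \t and \r become control characters; \\, \" and \' drop the backslash.
CONTROL = {"n": "\n", "t": "\t", "r": "\r"}
DIRECTIVE = re.compile(
    r'^\s*(ssl_certificate(?:_key)?)\s+("(?:[^"\\]|\\.)*"|[^;\s]+)\s*;', re.M)

def nginx_unescape(token):
    """Return the value as nginx would see it after escape processing."""
    out, i = [], 0
    while i < len(token):
        nxt = token[i + 1:i + 2]
        if token[i] == "\\" and nxt in CONTROL:
            out.append(CONTROL[nxt])
            i += 2
        elif token[i] == "\\" and nxt in ('"', "'", "\\"):
            out.append(nxt)
            i += 2
        else:
            out.append(token[i])
            i += 1
    return "".join(out)

def lint_ssl_conf(text):
    """Return (directive, raw_value, problem) tuples for an ssl.conf body."""
    findings, seen = [], set()
    for name, raw in DIRECTIVE.findall(text):
        seen.add(name)
        if raw.startswith('"'):
            raw = raw[1:-1]
        if any(c in nginx_unescape(raw) for c in "\n\t\r"):
            findings.append((name, raw, "escape becomes a control character"))
    for required in ("ssl_certificate", "ssl_certificate_key"):
        if required not in seen:
            findings.append((required, "", "directive missing"))
    return findings

# Constructed sample: the backslash form from the text plus a correct key path.
SAMPLE = r'''ssl on;
ssl_certificate "C:\Program Files\OPSWAT\Metadefender Centralmgmt\nginx\your.crt";
ssl_certificate_key "C:/Program Files/OPSWAT/Metadefender Centralmgmt/nginx/your.key";
'''

if __name__ == "__main__":
    for name, raw, problem in lint_ssl_conf(SAMPLE):
        print(f"{name}: {problem}: {raw}")
```

An empty result means both directives are present and neither path is altered by escape processing; it does not check that the files exist or that the key matches the certificate.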

Note that the certificate and key files are to be provided by the user, who can store them wherever it is convenient. Please adjust the paths accordingly.

For more TLS options, please consult the nginx documentation.