3.8. Configuring TLS/SSL

Metadefender Core supports accessing Web UI and REST interface via HTTPS. This feature is not enabled by default. To enable the feature you should modify Metadefender Core server configuration by following the next steps:

First create your certificate and key files in convenient directory. Let us take paths as an example /etc/ometascan/nginx.d/your.crt and /etc/ometascan/nginx.d/your.key for Linux and C:/Program Files/OPSWAT/Metadefender Core/nginx/your.crt and C:/Program Files/OPSWAT/Metadefender Core/nginx/your.key for Windows accordingly.

On Linux

  1. Create file ssl.conf in the directory /etc/ometascan/nginx.d

  2. Enter SSL-configuration according to Nginx. To allow simple SSL one needs to add the following lines only:

    ssl on;
    ssl_certificate /etc/ometascan/nginx.d/your.crt;
    ssl_certificate_key /etc/ometascan/nginx.d/your.key;
  3. Service restart is required.

On Windows

  1. Create file ssl.conf in the directory <Installation Directory>\nginx.

  2. Enter SSL-configuration according to Nginx. To allow simple SSL one needs to add the following lines only (note the forward "/" slashes)

    ssl on;
    ssl_certificate "C:/Program Files/OPSWAT/Metadefender Core/nginx/your.crt";
    ssl_certificate_key "C:/Program Files/OPSWAT/Metadefender Core/nginx/your.key";
  3. A restart of the “OPSWAT Metadefender Core” service is required.

Note that certificate and key files should be obtained and saved by the user in a convenient location, adjust the paths accordingly.

Note: When choosing location for cert and key files, make sure the files are in a location which is readable to the service user.

For more SSL-options please consult Nginx documentation.