5.11 Troubleshooting
Manually downgrade HTTPS to HTTP
Problem
In certain cases upgrading the REST interface from HTTP to HTTPS fails, resulting in an inconsistent state where the connection is accepted via HTTPS only, but the HTTPS handshake fails. In this case the web management console becomes unavailable.
Example
When the REST interface is upgraded to HTTPS (for details see 4.2. Transport Layer Security) using an expired certificate, then the configuration will succeed. Later, when the actual connection happens from a browser client, the browser will refuse to connect cause the certificate is expired.
Solution
Prerequisites
The resolution requires the following:
-
PsExec tool from Microsoft Sysinternals being installed,
-
Administrator privileges to edit the config file and reload REST backend.
Download PsExec
PsTools containing the PsExec tool can be downloaded from https://docs.microsoft.com/en-us/sysinternals/downloads/psexec.
Resolution
To manually downgrade the REST interface from HTTPS to HTTP perform the following steps:
Service must be running
While performing this steps, it is important that the MetaDefender Email Gateway Security service must be running.
DO NOT stop the MetaDefender Email Gateway Security service before performing these steps!
Reload REST backend with modified configuration
-
As Administrator launch the following command in a command shell:
<PsTools path>\PsExec.exe -s <Email Gateway Security installation directory>\nginx\nginx.exe -s reload -c c:\Windows\Temp\mdemailsecurity\nginx.conf
-
Example:
C:\PSTools\PsExec.exe -s
"C:\Program Files\OPSWAT\MetaDefender Email Security\nginx\nginx.exe"
-s reload -c C:\Windows\Temp\mdicapsrv\nginx.conf
-
-
Check the command output for potential errors
-
On success nginx.exe must exit with code 0. For example:
C:\Program Files\OPSWAT\MetaDefender Email Security\nginx\nginx.exe exited on LP10-D4119 with error code
0
.
-
The following message does not indicate an error:
nginx: [warn]
"user"
is not supported, ignored in c:\Windows\Temp\mdemailsecurity\nginx.conf:
1
-
Open the web management console via HTTP
-
Open Email Gateway Security’s web management console pointing your browser to the location where the product’s REST interface is listening
-
Remember to provide http as schema instead of https
-
Example:
http:
//localhost:80058
-
Disable HTTPS in web management console
-
Navigate to Settings > Security and make Enable HTTPS connection disabled
After performing all these steps, Email Gateway Security will be available via HTTP even after a service restart.