In certain cases, upgrading the REST interface from HTTP to HTTPS fails, resulting in an inconsistent state where the connection is accepted via HTTPS only, but the HTTPS handshake fails. In this case the web management console becomes unavailable.
When the REST interface is upgraded to HTTPS (for details see 4.2. Transport Layer Security) using an expired certificate, the configuration will succeed. Later, when the actual connection happens from a browser client, the browser will refuse to connect because the certificate is expired.
The resolution requires the following:
The PsExec tool from Microsoft Sysinternals must be installed.
Administrator privileges are needed to edit the config file and reload the REST backend.
PsTools containing the PsExec tool can be downloaded from https://docs.microsoft.com/en-us/sysinternals/downloads/psexec.
To manually downgrade the REST interface from HTTPS to HTTP, perform the following steps:
Service must be running
While performing these steps, the MetaDefender Email Gateway Security service must be running.
DO NOT stop the MetaDefender Email Gateway Security service before performing these steps!
Reload REST backend with modified configuration
As Administrator, launch the following command in a command shell (quote the nginx.exe path if the installation directory contains spaces):
<PsTools path>\PsExec.exe -s "<Email Gateway Security installation directory>\nginx\nginx.exe" -s reload -c c:\Windows\Temp\mdemailsecurity\nginx.conf
"C:\Program Files\OPSWAT\MetaDefender Email Security\nginx\nginx.exe"
-s reload -c C:\Windows\Temp\mdicapsrv\nginx.conf
Check the command output for potential errors
On success nginx.exe must exit with code 0. For example:
C:\Program Files\OPSWAT\MetaDefender Email Security\nginx\nginx.exe exited on LP10-D4119 with error code
The following message does not indicate an error:
is not supported, ignored in c:\Windows\Temp\mdemailsecurity\nginx.conf:
Open the web management console via HTTP
Open Email Gateway Security’s web management console by pointing your browser to the location where the product’s REST interface is listening.
Remember to provide http as the scheme instead of https.
Disable HTTPS in web management console
Navigate to Settings > Security and disable Enable HTTPS connection.
After performing all these steps, Email Gateway Security will be available via HTTP even after a service restart.
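Because the HTTPS configuration succeeds even with an expired certificate, the validity window of a certificate can be checked before HTTPS is enabled again. The following PowerShell sketch is an added example, not OPSWAT code; the function names, the 30-day warning threshold and the demo certificates (generated in memory) are assumptions made for illustration.

```powershell
# Added example (not OPSWAT code). Function and parameter names are assumptions.
# The demo certificates need .NET Framework 4.7.2+ (Windows PowerShell 5.1) or PowerShell 7.
using namespace System.Security.Cryptography
using namespace System.Security.Cryptography.X509Certificates

function Test-CertificateValidity {
    param(
        [Parameter(Mandatory)] [X509Certificate2] $Certificate,
        [int] $WarnDays = 30,          # also flag certificates that expire soon
        [datetime] $Now = (Get-Date)   # local time, like NotBefore/NotAfter
    )
    if ($Now -lt $Certificate.NotBefore) { $status = 'NotYetValid' }
    elseif ($Now -gt $Certificate.NotAfter) { $status = 'Expired' }
    elseif ($Now.AddDays($WarnDays) -gt $Certificate.NotAfter) { $status = 'ExpiringSoon' }
    else { $status = 'Valid' }

    [pscustomobject]@{
        Subject           = $Certificate.Subject
        NotBefore         = $Certificate.NotBefore
        NotAfter          = $Certificate.NotAfter
        Status            = $status
        # A browser rejects the handshake for Expired and NotYetValid certificates.
        SafeToEnableHttps = $status -in 'Valid', 'ExpiringSoon'
    }
}

# Constructed sample input: self-signed certificates with a chosen validity window.
function New-DemoCertificate {
    param([string] $Name, [DateTimeOffset] $From, [DateTimeOffset] $To)
    $rsa = [RSA]::Create(2048)
    $req = [CertificateRequest]::new("CN=$Name", $rsa,
        [HashAlgorithmName]::SHA256, [RSASignaturePadding]::Pkcs1)
    $req.CreateSelfSigned($From, $To)
}

$now      = [DateTimeOffset]::Now
$expired  = New-DemoCertificate -Name 'expired.example'  -From ($now.AddDays(-90)) -To ($now.AddDays(-1))
$expiring = New-DemoCertificate -Name 'expiring.example' -From ($now.AddDays(-90)) -To ($now.AddDays(10))
$valid    = New-DemoCertificate -Name 'valid.example'    -From ($now.AddDays(-1))  -To ($now.AddDays(365))

$expired, $expiring, $valid |
    ForEach-Object { Test-CertificateValidity -Certificate $_ } |
    Format-Table Subject, NotAfter, Status, SafeToEnableHttps

# For a real certificate file (placeholder path):
#   Test-CertificateValidity -Certificate ([X509Certificate2]::new('<path to certificate file>'))
```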