Run REST on HTTPS

By default, communication with the REST web server is not encrypted. If you set up an HTTPS server, the server can enforce secure connections between client and server on an SSL channel. This section describes how to configure IIS Express to host an HTTPS server.

Requirements

In order to set up an HTTP server, you must have a trusted certificate issued by a certificate authority or a self-signed certificate used for development testing.

See the Installing a Certificate section below for information on how to install a self-signed server certificate.

Go here for information on how to install a certificate authority-signed server certificate.

Installing a certificate

To install a certificate, do the following:

  1. Click on the Start menu, type “MMC.exe” in the search box and press Enter.
    The MMC window appears.

  2. Select File > Add/Remove Snap-In .

  3. In the Available snap-ins drop-down menu, select Certificates and click Add .

  4. Select Computer account , click Next , and then click Finish .
    Tip: This process creates a certificate for all user accounts. The certmgr.msc command only creates a certificate for the current user account.

    images/download/attachments/37416273/image44.gif
  5. Click OK to load the certificates snap-in.

  6. Expand the Certificates menu and browse to your certificate location.
    Note: The image below uses the metascan_rest certificate as an example. Your certificate can have any name.
    images/download/attachments/37416273/image45.gif

  7. Double-click the certificate name you want to use for the MetaDefender REST Server and go to the Details tab.

  8. Select Thumbprint in the list and copy the value to a text editor for later use.
    images/download/attachments/37416273/image46.gif

  9. Click on the Start menu and open a command prompt.

  10. Execute the following command:
    netsh http add sslcert ipport=0.0.0.0:443 appid={214124cd-d05b-4309-9af9-9caa44b2b74a} certhash=<certificate thumbprint retrieved on step 8>
    Note: Be sure to remove any spaces in the thumbprint so the command can execute properly.

  11. The following message appears indicating that the SSL Certificate was successfully added.
    images/download/attachments/37416273/image47.gif

Enabling HTTPS on IIS Express

To enable HTTPS on IIS Express, do the following:

  1. Open the REST Config folder (e.g., C:\Program Files (x86)\OPSWAT\Metadefender Kiosk\Client\REST\Config).

  2. Open the applicationhost.config file in a text editor.

  3. Go to the <sites> tag and add the HTTPS binding to the ‘metadefender_rest’ website.
    Note: See the image below for details.

    images/download/attachments/37416273/image41.gif

  4. Save and close the applicationhost.config file.

  5. Open a command prompt.

  6. Stop the MetaDefender REST server by executing the following command: net stop omdREST

  7. Restart the MetaDefender REST server by executing the following command: net start omdREST

  8. Test that the site works by visiting "https://localhost/". The following message should appear:

    images/download/attachments/37416273/image48.gif
  9. For additional information see 5.1. Trusting an HTTPS MetaDefender Core Server