Enable HTTPS

Quick Overview

  1. Prepare self-signed or 3rd party certificate.

  2. Use ChangeProtocol tool in order to switch to HTTPS protocol.

If you are using a version of MetaDefender Vault (previously SFT) before 1.1.9 please refer to Enable HTTPS for earlier versions

The Enabling HTTPS with Metadefender Core v4 page has instructions on how to set up Metadefender Core v4 with HTTPS.

The Enabling HTTPS with Metadefender Core v3 page has instructions on how to set up Metadefender Core v3 with HTTPS.

Step by step guide

  1. Open ChangeProtocol.exe tool by navigating to the Tools folder in the installation directory
    Note: by default C:\Program Files\OPSWAT\MetaDefender Vault\Tools

  2. Run the tool on the machine where MetaDefender Vault is installed

  3. Provide login details for the local administrator account and click Login

    images/download/attachments/35731421/image2018-2-7_9-17-44.png
  4. Select HTTPS protocol

    images/download/attachments/35731421/image2018-3-9_18-31-36.png
  5. Refer to Information regarding certificates in order to obtain the SSL certificate hash (Thumbprint)

  6. Fill the desired IP address, REST and Web UI settings in the configuration window. Note that you can find more information about each field below.

    images/download/attachments/35731421/image2018-3-9_18-32-40.png
  7. The table below describes in detail each setting

    Name

    Description

    Example

    IP address

    Allows the user to limit the IP addresses that can access the Web UI
    Leave 0.0.0.0 in order to set the binding to all IP addresses.

    0.0.0.0 → allow unrestricted access
    192.168.16.16 → only allow clients from this IP address

    REST settings: Port

    The port used to expose the MetaDefender Vault API
    The default value is 8000 when HTTP protocol is used.
    The default REST API endpoint is http://localhost:8000/vault_rest

    443 → in order to expose the API at https://localhost/vault_rest
    8000 → in order to expose the API at https://localhost:8000/vault_rest

    Please note that the desired port should not be used by any other application.

    Web UI settings: Host

    The host name that will be used to reach your MetaDefender Vault Web UI.

    Please note that this host name should be accessible inside your
    network in order to allow clients to access the web portal.

    Please also note that this is the same value that will be used
    when composing links in email notifications.

    files.opswat.com → users will have to type https://files.opswat.com in browser
    in order to access the user interface and all links in the sent email notifications
    (if you have configured SMTP) will look like:
    https://files.opswat.com/file/8b822a734eea4afdaf5bcd01bfec8416

    A DNS settings should be previously configured to ensure clients can resolve
    files.opswat.com.

    Web UI settings: Port

    The port used to reach MetaDefender Vault Web UI.

    You can leave this to the default value 443 in order for your users
    not to require writing the port in the browser address bar.

    443 → users will have to type https://files.opswat.com in browser
    in order to access the user interface

    8010 → users will have to type https://files.opswat.com:8010 in browser
    in order to access the user interface

    SSL certificate hash

    This is the certificate's hash (thumbprint) that will be applied.

    It should be a SHA1 hash of 40 characters long

    Please refer to Information regarding certificates for more details

  8. Click Apply in order to finish this process.