Enable HTTPS

Quick Overview

  1. Prepare self-signed or 3rd party certificate.

  2. Use ChangeProtocol tool in order to switch to HTTPS protocol.

Step by step guide

  1. Open ChangeProtocol.exe tool by navigating to the Tools folder in the installation directory
    Note:by default is located at C:\Program Files\OPSWAT\MetaDefender Vault\Tools

  2. Run the tool on the machine where MetaDefender Vault is installed

  3. Provide login details for the local administrator account and click Login

    images/download/attachments/39346087/image2018-2-7_9-17-44.png
  4. Select HTTPS protocol

    images/download/attachments/39346087/image2018-3-9_18-31-36.png
  5. Refer to Information regarding certificates in order to obtain the certificate and the certificate key

  6. Fill the desired settings in the configuration window. Note that you can find more information about each field below.

    images/download/attachments/39346087/image2019-8-8_14-58-0.png
  7. The table below describes in detail each setting

    Name

    Description

    Example

    IP address

    Allows the user to limit the IP addresses that can access the Web UI
    Leave 0.0.0.0 in order to set the binding to all IP addresses.

    0.0.0.0 → allow unrestricted access
    192.168.16.16 → only allow clients from this IP address

    REST settings: Port

    The port used for internal communication between MetaDefender Vault Services
    The default value is 8000.

    Please note that the REST service will no longer be shared with the Web UI port.
    All calls to the REST endpoints should be made through the Web UI port.

    Please also note that the port remains exposed to configuration for backwards
    compatibility reasons but it should not be changed.

    Web UI settings: Host

    The host name that will be used to reach your MetaDefender Vault Web UI.

    Please note that this host name should be accessible inside your
    network in order to allow clients to access the web portal.

    Please also note that this is the same value that will be used
    when composing links in email notifications.

    files.opswat.com → users will have to type https://files.opswat.com in browser
    in order to access the user interface and all links in the sent email notifications
    (if you have configured SMTP) will look like:
    https://files.opswat.com/file/8b822a734eea4afdaf5bcd01bfec8416

    A DNS settings should be previously configured to ensure clients can resolve
    files.opswat.com.

    Web UI settings: Port

    The port used to reach MetaDefender Vault Web UI and REST API endpoints.

    You can leave this to the default value 443 in order for your users
    not to require writing the port in the browser address bar.

    443 → users will have to type https://files.opswat.com in browser
    in order to access the user interface
    8010 → users will have to type https://files.opswat.com:8010 in browser
    in order to access the user interface

    For REST API calls

    443 → in order to expose the API at https://localhost/vault_rest
    8010 → in order to expose the API at https://localhost:8010/vault_rest

    SSL certificate

    The path to the SSL certificate to use.

    Please refer to Information regarding certificates for more details

    SSL certificate key

    The path to the SSL certificate's private key.

    SSL Password file

    The path to the text file containing the password for the protected certificate.

  8. Click Apply in order to finish this process.

The Enabling HTTPS with Metadefender Core v4 page has instructions on how to set up Metadefender Core v4 with HTTPS.

The Enabling HTTPS with Metadefender Core v3 page has instructions on how to set up Metadefender Core v3 with HTTPS.