Enable HTTPS for earlier versions

Warning

Use the steps described below in order to switch to HTTPS protocol for MetaDefender Vault (previously SFT) versions before 1.1.9

If you are using version 1.1.9 or higher please refer to 8.10 Enable HTTPS.

Quick Overview

  1. Prepare self-signed or 3rd party certificate.

  2. On MetaDefender Vault configuration page (Configuration → Change URL), enable HTTPS.

  3. Update SFT configuration file (applicationhost.config) for https binding.

  4. Open the "pp.sft.rest.service.exe.config" file and edit the 'RestHostAddress' entry value to use the HTTPS protocol (e.g., 'https://{computer_name}:8000/sft_rest').

  5. Open the "config.json" file and edit the protocol to use HTTPS protocol

  6. Enable HTTPS for the REST service using netsh

  7. Restart sftRest & sftHelper services

The Enabling HTTPS with Metadefender Core v4 page has instructions on how to set up Metadefender Core v4 with HTTPS.

The Enabling HTTPS with Metadefender Core v3 page has instructions on how to set up Metadefender Core v3 with HTTPS.

Also, if using a self-signed certificate, you MUST follow all directions in the "Trusting local or remote self signed security certificate" section as well.

Step-by-step guide

  1. Follow Information regarding certificates in order to install a certificate on the machine.

  2. Open the Secure File Transfer web application and log in using an administrator account

  3. From the left side menu, navigate to ConfigurationChange URL

  4. On the Change URL page, toggle on the HTTPS switch

    images/download/attachments/6660534/image2016-3-30_17_21_30.png

  5. Click on the Update button from the bottom of the Change URL page

  6. Open the “<installation directory>\Config” folder (e.g., "C:\Program Files\OPSWAT\Metadefender Secure File Transfer\Config\").

  7. Open the “applicationhost.config” file using Notepad.

  8. Find the “<sites>” XML tag and add the HTTPS binding to the “Metadefender SFT” website. Please see below for details:

    <binding protocol="https" bindingInformation="*:443:*"/>

    Your edited binding should look similar to the one shown below:
    images/download/attachments/6660534/image2017-4-27_14-20-46.png

  9. Optionally, remove the HTTP binding, if you only want MetaDefender Vault to work over HTTPS.

  10. Save and close the “applicationhost.config” file.

  11. Open the “<installation directory>\Services>” folder (e.g. 'C:\Program Files\OPSWAT\Metadefender Secure File Transfer\Services')

  12. Open the "pp.sft.rest.service.exe.config" file and edit the 'RestHostAddress' entry value to use the HTTPS protocol (e.g., 'https://{computer_name}:8000/sft_rest').

    images/download/attachments/6660534/image2016-2-12_15_53_7.png

  13. Save and close the "pp.sft.rest.service.exe.config" file.

  14. Open the "<installation directory>\WebClient" folder (e.g. C:\Program Files\OPSWAT\Metadefender Secure File Transfer\WebClient\)

  15. Open the config.json file in Notepad.

  16. Change the "protocol" value to "https".

  17. Leave port value unaltered (e.g. "8000"), unless the REST service listens on a different port, or you've changed the port in step #11 (e.g. 443). In this case, update the port accordingly.

  18. Save and close the "config.json" file.

  19. Restart the Metadefender Secure File Transfer REST Service

    1. In Command Prompt, run “net stop sftREST”

    2. After the service stopped, run “net start sftREST”

    Note: If sftREST service can't be started, please refer to the sub-page of Troubleshooting.

  20. Restart the Metadefender Secure File Transfer Helper Service

    1. In Command Prompt, run “net stop sftHELPER”

    2. After the service stopped, run “net start sftHELPER”

  21. Test that the site works by visiting https://localhost (make sure to clear cookies or try in incognito browser)