This article provides a step-by-step guide on how to switch Metadefender Secure File Transfer to HTTPS.
Step-by-step guide using self-signed certificate
- Open the Secure File Transfer web application and log in using an administrator account
- From the left side menu, navigate to Configuration → Change URL
- On the Change URL page, toggle on the HTTPS switch
- Click on the Update button from the bottom of the Change URL page
- Open the “<SFT installation directory>\Config” folder (e.g., "C:\Program Files (x86)\OPSWAT\Metadefender Secure File Transfer\Config\").
- Open the “applicationhost.config” file using Notepad.
- Find the “<sites>” XML tag and add the HTTPS binding to the “Metadefender SFT” website. Please see below for details:
<binding protocol="https" bindingInformation="*:443:<YOUR_DOMAIN>"/>
Your edited binding should look similar to the one shown below:
- Optionally, remove the HTTP binding, if you only want SFT to work over HTTPS.
- Save and close the “applicationhost.config” file.
- Open the “<SFT installation directory>\Services” folder (e.g. 'C:\Program Files (x86)\OPSWAT\Metadefender Secure File Transfer\Services')
- Open the "pp.sft.rest.service.exe.config" file and edit the 'RestHostAddress' entry value to use the HTTPS protocol (e.g., 'https://{computer_name}:8000/sft_rest').
- Save and close the "pp.sft.rest.service.exe.config" file.
- Open a Command Prompt with administrator privileges and type the following command:
certutil -store MY
- Copy the value from the 'Cert Hash' field and remove the spaces (e.g. the edited hash should look like this ef8a0fc5620b621a54fb367f1e7ee45e1ba6d006)
- Generate a new GUID. One option would be to use the following online resource: https://www.guidgenerator.com/online-guid-generator.aspx (e.g. generated GUID should look like this {CDA52389-5954-44C2-8CF0-38062D1572F8})
- Switch back to the command prompt and run the following command:
netsh http add sslcert ipport=0.0.0.0:443 certhash=your_hash appid={your_guid}
Replace your_hash with the certificate hash from step #14 and your_guid with the GUID generated at step #15 (make sure the value of the GUID is surrounded by curly brackets - {}).
e.g. netsh http add sslcert ipport=0.0.0.0:443 certhash=ef8a0fc5620b621a54fb367f1e7ee45e1ba6d006 appid={CDA52389-5954-44C2-8CF0-38062D1572F8}
- Please follow the remaining steps only if you also want to move the REST service to use a secure connection (i.e. enable HTTPS).
Similar to the previous steps, run the following command:
netsh http add sslcert ipport=0.0.0.0:8000 certhash=your_hash appid={your_guid}
Replace your_hash and your_guid with the same values from the previous step.
e.g. netsh http add sslcert ipport=0.0.0.0:8000 certhash=ef8a0fc5620b621a54fb367f1e7ee45e1ba6d006 appid={CDA52389-5954-44C2-8CF0-38062D1572F8}
Note: If you are using PowerShell you must enclose the appid in quotes.
- Restart the Metadefender Secure File Transfer REST Service
- In Command Prompt, run “net stop sftREST”
- After the service has stopped, run “net start sftREST”
- Note: if there is an error when trying to start the service, please see "REST service cannot be started on default port 8000" to fix the issue
- Open the "<SFT installation directory>\WebClient" folder (e.g. C:\Program Files (x86)\OPSWAT\Metadefender Secure File Transfer\WebClient\)
- Open the config.json file in Notepad.
- Change the "protocol" value to "https".
- Leave port value unaltered (e.g. "8000"), unless the REST service listens on a different port, or you've changed the port in step #11 (e.g. 443). In this case, update the port accordingly.
- Save and close the "config.json" file.
- Restart the Metadefender Secure File Transfer Helper Service (execute “net stop sftHelper” and then “net start sftHelper” in command prompt)
Test that the site works by visiting https://<Domain> (Make sure to clear cookies or try in incognito browser)
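The certificate hash, GUID and netsh steps above can be prepared in one pass. The PowerShell script below is an added example, not part of the original guide or of OPSWAT's tooling. It generates the GUID locally rather than with an online generator and assumes the certificate is in the LocalMachine\My store; the function name ConvertTo-Thumbprint and the parameter names are hypothetical.

```powershell
# Added example (not OPSWAT code). Dry run by default; -Apply executes netsh and needs an elevated prompt.
param(
    # Constructed sample: a 'Cert Hash' line as printed by "certutil -store MY", using the hash from this guide.
    [string] $CertutilLine = 'Cert Hash(sha1): ef 8a 0f c5 62 0b 62 1a 54 fb 36 7f 1e 7e e4 5e 1b a6 d0 06',
    [int[]] $Ports = @(443, 8000),   # 443 = web site binding, 8000 = REST service
    [switch] $Apply
)

function ConvertTo-Thumbprint {
    param([string] $Text)
    # Drop the "Cert Hash(sha1):" label if present, then remove the spaces.
    $hex = ($Text -replace '^.*:', '') -replace '\s', ''
    if ($hex -notmatch '^[0-9A-Fa-f]{40}$') {
        # Also catches invisible characters picked up when copying the hash from a dialog.
        throw "Not a 40-digit SHA-1 hash after removing spaces: '$hex'"
    }
    $hex.ToLowerInvariant()
}

$thumb = ConvertTo-Thumbprint $CertutilLine
$appId = [guid]::NewGuid().ToString('B').ToUpperInvariant()   # 'B' format includes the curly brackets

if ($Apply) {
    # Assumption: "certutil -store MY" lists the machine store, exposed here as Cert:\LocalMachine\My.
    $cert = Get-ChildItem Cert:\LocalMachine\My | Where-Object Thumbprint -eq $thumb
    if (-not $cert) { throw "No certificate $thumb in LocalMachine\My." }
    if (-not $cert.HasPrivateKey) { throw 'Certificate has no private key, so it cannot serve TLS.' }
    if ($cert.NotAfter -lt (Get-Date)) { throw "Certificate expired on $($cert.NotAfter)." }
}

foreach ($port in $Ports) {
    $netshArgs = 'http', 'add', 'sslcert', "ipport=0.0.0.0:$port", "certhash=$thumb", "appid=$appId"
    if ($Apply) {
        # Each array element is passed as one argument, so the braces need no extra quoting here.
        & netsh @netshArgs
        if ($LASTEXITCODE -ne 0) { Write-Warning "netsh failed for port $port (exit code $LASTEXITCODE)." }
    } else {
        "netsh $($netshArgs -join ' ')"
    }
}
```

Run without arguments, it prints the two netsh commands for the sample hash; pass your own 'Cert Hash' line with -CertutilLine and add -Apply to create the bindings.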
Follow these steps in order to switch to https in a real environment.
Step-by-step guide using real certificate
- Before you start, you will need the following prerequisites
- Open the Secure File Transfer web application and log in using an administrator account
- From the left side menu, navigate to Configuration → Change URL
- On the Change URL page, toggle on the HTTPS switch
- Click on the Update button from the bottom of the Change URL page
- Open the “<SFT installation directory>\Config” folder (e.g., "C:\Program Files (x86)\OPSWAT\Metadefender Secure File Transfer\Config\").
- Open the “applicationhost.config” file using Notepad.
- Find the “<sites>” XML tag and add the HTTPS binding to the “Metadefender SFT” website. Please see below for details:
<binding protocol="https" bindingInformation="*:443:<YOUR_DOMAIN>"/>
Your edited binding should look similar to the one shown below:
- Optionally, remove the HTTP binding, if you only want SFT to work over HTTPS.
- Save and close the “applicationhost.config” file.
- Open the “<SFT installation directory>\Services” folder (e.g. 'C:\Program Files (x86)\OPSWAT\Metadefender Secure File Transfer\Services')
- Open the "pp.sft.rest.service.exe.config" file and edit the 'RestHostAddress' entry value to use the HTTPS protocol (e.g., 'https://{computer_name}:8000/sft_rest').
- Save and close the "pp.sft.rest.service.exe.config" file.
- Restart the Metadefender Secure File Transfer REST Service
- In Command Prompt, run “net stop sftREST”
- After the service has stopped, run “net start sftREST”
- Note: if there is an error when trying to start the service, please see "REST service cannot be started on default port 8000" to fix the issue
- Open the "<SFT installation directory>\WebClient" folder (e.g. C:\Program Files (x86)\OPSWAT\Metadefender Secure File Transfer\WebClient\)
- Open the config.json file in Notepad.
- Change the "protocol" value to "https".
- Leave port value unaltered (e.g. "8000"), unless the REST service listens on a different port, or you've changed the port in step #11 (e.g. 443). In this case, update the port accordingly.
- Save and close the "config.json" file.
- Restart the Metadefender Secure File Transfer Helper Service
- In Command Prompt, run “net stop sftHelper”
- After the service has stopped, run “net start sftHelper”
Test that the site works by visiting https://<Domain>. (Make sure to specify https:// ) (Also clear cookies or try in incognito browser)
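Before restarting the services, the binding edit in applicationhost.config can be checked mechanically, including whether the optional HTTP binding was left in place. The PowerShell script below is an added example, not part of the original guide or of OPSWAT's tooling. It assumes the standard IIS layout (sites/site/bindings/binding); the embedded XML is a constructed sample with a made-up host name, and the function name Test-SftBindings is hypothetical.

```powershell
# Added example (not OPSWAT code). Reports the bindings of the "Metadefender SFT" site.
param(
    [string] $Path,                              # real applicationhost.config; omit to use the sample below
    [string] $SiteName = 'Metadefender SFT'
)

# Constructed sample of the relevant part of applicationhost.config (standard IIS layout assumed).
$sample = @'
<configuration>
  <system.applicationHost>
    <sites>
      <site name="Metadefender SFT" id="1">
        <bindings>
          <binding protocol="http" bindingInformation="*:80:sft.example.test" />
          <binding protocol="https" bindingInformation="*:443:sft.example.test" />
        </bindings>
      </site>
    </sites>
  </system.applicationHost>
</configuration>
'@

function Test-SftBindings {
    param([string] $XmlText, [string] $SiteName)
    try { $doc = [xml] $XmlText }
    catch {
        # A literal <YOUR_DOMAIN> left inside the attribute value makes the file invalid XML.
        throw "applicationhost.config is not well-formed XML: $($_.Exception.Message)"
    }
    $site = $doc.SelectSingleNode("//sites/site[@name='$SiteName']")
    if (-not $site) { throw "Site '$SiteName' not found under <sites>." }
    $bindings = foreach ($b in $site.SelectNodes('bindings/binding')) {
        # bindingInformation is "ip:port:host"; IPv4 or wildcard addresses are assumed.
        $null, $port, $hostHeader = $b.GetAttribute('bindingInformation') -split ':', 3
        [pscustomobject]@{ Protocol = $b.GetAttribute('protocol'); Port = $port; HostHeader = $hostHeader }
    }
    [pscustomobject]@{
        Bindings        = $bindings
        HttpsConfigured = @($bindings | Where-Object Protocol -eq 'https').Count -gt 0
        HttpStillOpen   = @($bindings | Where-Object Protocol -eq 'http').Count -gt 0
    }
}

$xmlText = if ($Path) { Get-Content -Raw -LiteralPath $Path } else { $sample }
Test-SftBindings -XmlText $xmlText -SiteName $SiteName | Format-List
```

For the sample, HttpsConfigured and HttpStillOpen are both True; HttpStillOpen turns False once the HTTP binding is removed as described in the optional step.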