Enable MMS Access over SSL

For stronger security, it is recommended to configure communication between MMTE Client and MMTE Server to run over SSL cryptographic protocol.

SSL encryption is performed using the standard OpenSSL library.

Certificate Requirements

You can also employ any valid SSL certificate.

An SSL certificate is required for establishing an encrypted connection. MMTE establishes the following technical requirements:

• Both self-signed certs and certs from an official trusted CA are supported.
• Syntax standard: Public-Key Cryptography Standards #8 (PKCS#8)
• Certificate file format: binary (DER)

Important

For enterprise users, it is recommended to get these certs from your corporate network/security team by providing the required server information.

How to Prepare a Certificate

Once you have your certificate (as the key and crt files), use OpenSSL for converting them into output files suitable for your server:

1. Convert the key file:

   $ openssl pkcs8 -in your_key_file.key -topk8 -v1 PBE-SHA1-RC4-128 -out server.key
   

2. Convert the crt file:

   $ openssl x509 -outform der -in your_certificate_file.crt -out server.crt
   

How to Install a Certificate

There are two options:

• Install using MMTE Administrator UI: read this topic – recommended, user-friendly method
• Install manually:

Follow these steps if you want to do everything by hand – it needs more experience:

1. Store converted key and crt files somewhere on your MMTE Server hard drive.

2. Open the config.json configuration file for editing. Normally, it is located in the directory <METAMINER INSTALLATION DIRECTORY>\server\confg\

3. Edit the following configuration variables:

   Variable	Type	Description
   properties:mms.ssl	Boolean	Use SSL for MMS connection.
   properties:mms.ssl.pk	String	Valid path and filename of the private key file (.key)
   properties:mms.ssl.cert	String	Valid path and filename of the server cert file (.crt)
   properties:mms.ssl.pk.passw	String	A passphrase for your private key

4. Save the file.

5. Restart MMTE Server.

6. All MMTE Client installations will switch connection type to SSL-encrypted automatically upon next restart (read Connecting over SSL for details).

MMTE Administrator saves your SSL settings to exact the same config variables.

See Also

Network Configuration

Securing Your Installation

Launching MMTE