Enable MMS Access over SSL¶
For stronger security, it is recommended to configure communication between MMTE Client and MMTE Server to run over SSL cryptographic protocol.
SSL encryption is performed using the standard OpenSSL library.
You can also employ any valid SSL certificate.
An SSL certificate is required for establishing an encrypted connection. MMTE establishes the following technical requirements:
- Both self-signed certs and certs from an official trusted CA are supported.
- Syntax standard: Public-Key Cryptography Standards #8 (PKCS#8)
- Certificate file format: binary (DER)
For enterprise users, it is recommended to get these certs from your corporate network/security team by providing the required server information.
How to Prepare a Certificate¶
Once you have your certificate (as the
crt files), use OpenSSL for converting them into output files suitable for your server:
$ openssl pkcs8 -in your_key_file.key -topk8 -v1 PBE-SHA1-RC4-128 -out server.key
$ openssl x509 -outform der -in your_certificate_file.crt -out server.crt
How to Install a Certificate¶
There are two options:
- Install using MMTE Administrator UI: read this topic – recommended, user-friendly method
- Install manually:
Follow these steps if you want to do everything by hand – it needs more experience:
crtfiles somewhere on your MMTE Server hard drive.
Open the config.json configuration file for editing. Normally, it is located in the directory
<METAMINER INSTALLATION DIRECTORY>\server\confg\
Edit the following configuration variables:
Variable Type Description properties:mms.ssl Boolean Use SSL for MMS connection. properties:mms.ssl.pk String Valid path and filename of the private key file (
properties:mms.ssl.cert String Valid path and filename of the server cert file (
properties:mms.ssl.pk.passw String A passphrase for your private key
Save the file.
Restart MMTE Server.
All MMTE Client installations will switch connection type to SSL-encrypted automatically upon next restart (read Connecting over SSL for details).
MMTE Administrator saves your SSL settings to exact the same config variables.