Skip to main content

How to Install SSL on the File Server

Secure your ServiceOps file server and protect all file attachments and transfers by enabling HTTPS with a valid SSL certificate.

This guide walks you through installing an SSL certificate on the ServiceOps file server. It covers the Windows service and the external Linux file server. The internal Linux file server uses the same SSL procedure as the main application server. Follow the main application SSL guide for that setup.

Prerequisites

RequirementDescription
SSL CertificateA valid certificate file with the .crt (or .pem) extension.
Private KeyThe matching private key file with the .key extension.
Admin AccessLocal administrator rights on Windows, or root/sudo on Linux.
File Server RunningThe ServiceOps file server service must be installed before you configure SSL.

How It Works

The ServiceOps file server uses Nginx as a reverse proxy to handle HTTPS traffic. You place your SSL certificate and private key in the correct directory, update the Nginx configuration to reference those files, then restart both Nginx and the file server service. Nginx terminates the SSL connection and forwards requests to the file server internally on HTTP.

Step 1: Place the SSL Files on the Local Disk

Copy your certificate and private key files to a local folder on the file server machine.

  1. Create the directory C:\NEWFILE\ if it does not already exist.
  2. Copy your certificate file (.crt or .pem) into C:\NEWFILE\.
  3. Copy your private key file (.key) into C:\NEWFILE\.
Use a Local Directory

Do not place the certificate and key files on a shared or network path. Nginx must read them locally on the file server at all times. A network path that becomes unavailable will prevent Nginx from starting.

Step 2: Navigate to the Nginx Configuration Folder

Open the Nginx folder inside the file server installation path. The default location is:

C:\Program Files\motadata\serviceops\package\nginx

From there, open the conf subfolder. This folder contains nginx.conf.

Step 3: Open and Inspect nginx.conf

Open nginx.conf in a text editor with administrator privileges (for example, Notepad++).

In the default file, the SSL-related directives are commented out with a leading # character:

Default nginx.conf on a Windows file server showing the commented-out HTTPS listener and SSL directives that need to be activated

Step 4: Update the Configuration

Apply the following edits inside the SSL block:

  1. Remove the leading # from the highlighted lines to uncomment the HTTPS listener and the SSL directives.
  2. Set ssl_certificate to the absolute path of your .crt file.
  3. Set ssl_certificate_key to the absolute path of your .key file.
  4. Use double backslashes as path separators and wrap each path in double quotes.

After your edits, the SSL block should look like this:

listen 443 ssl;
ssl_certificate      "C:\\NEWFILE\\STAR.crt";
ssl_certificate_key  "C:\\NEWFILE\\STAR.key";
  1. Save the file.

nginx.conf on a Windows file server after SSL configuration, showing the uncommented SSL directives with certificate and key paths using double backslashes

Step 5: Restart the Nginx Service

  1. Open Services (services.msc).
  2. Locate nginxservice in the list.
  3. Right-click nginxservice and select Restart.

If the restart succeeds, the Nginx configuration is valid and SSL is now active. If the restart fails, the configuration is not valid. Re-open nginx.conf, confirm the correct lines are uncommented and the certificate paths are correct, then restart again.

Step 6: Restart the File Server Service

Once nginxservice restarts successfully, restart the file server service so it picks up the new SSL configuration.

  1. In Services, locate motadata-fileserver-server.
  2. Right-click motadata-fileserver-server and select Restart.

Verify the SSL Installation on Windows

Open a Command Prompt with administrator privileges and run the following commands.

Check that port 443 is listening:

netstat -ano | findstr :443

The output must show at least one row with the state LISTENING. Cross-check the PID against the Nginx process:

tasklist /FI "PID eq <pid>"

Check the Nginx service status:

sc query nginxservice

Check the file server service status:

sc query motadata-fileserver-server

Both services must show RUNNING state.

Troubleshooting

Port 443 is not in the LISTENING or active state after restart:
Re-open the Nginx configuration file (`nginx.conf` on Windows or `fmt_nginx.conf` on Linux). Confirm the SSL directives are uncommented, the file paths are correct and accessible by the Nginx process, and the path separator style matches the OS (double backslashes inside double quotes on Windows, single forward slashes on Linux). On Linux, run `nginx -t` to test the configuration before restarting. Restart Nginx after any change and run the verification commands again.
Nginx fails to restart after configuration changes.
The paths in the configuration do not match the actual file locations, or the certificate and key files do not correspond to each other. Confirm both files exist at the specified paths and that the key matches the certificate.

Quick Reference

ItemWindows File ServerLinux File Server (External)
Nginx config file located at default pathC:\Program Files\motadata\serviceops\package\nginx\conf\nginx.conf/etc/nginx/conf.d/fmt_nginx.conf
Default HTTP port8080
HTTPS port443443
Path separator in configDouble backslash inside double quotes, e.g. "C:\\NEWFILE\\STAR.crt"Single forward slash, e.g. /root/ssl/STAR.crt
Activate SSL directivesUncomment the marked block in nginx.conf (remove leading #)Already active in fmt_nginx.conf — update the certificate paths only
Restart NginxServices (services.msc) > nginxservice > Restartsudo systemctl restart nginx
Restart file serverServices > motadata-fileserver-server > Restartsudo systemctl restart ft-file-server