Installation guide
Creating and Deploying SSL Authentication for Nessus
An example SSL certificate configuration for Nessus-to-SecurityCenter authentication follows. In this example, SecurityCenter and the Nessus scanner are defined as shown below; your configuration will vary:
SecurityCenter:
IP: 192.168.10.10
OS: Red Hat ES 5
Nessus Scanner:
IP: 192.168.11.30
OS: Red Hat ES 5
Create Keys and User on Nessus Server
Log in to the Nessus scanner and use the su command to become the root user. Create the Certificate Authority and
Nessus server certificate as follows:
# /opt/nessus/sbin/nessus-mkcert
--------------------------------------------------------------------------
Creation of the Nessus SSL Certificate
--------------------------------------------------------------------------
This script will now ask you the relevant information to create the SSL
certificate of Nessus. Note that this information will *NOT* be sent to
anybody (everything stays local), but anyone with the ability to connect to your
Nessus daemon will be able to retrieve this information.
CA certificate life time in days [1460]:
Server certificate life time in days [365]:
Your country (two letter code) [US]:
Your state or province name [NY]:
Your location (e.g. town) [New York]:
Your organization [Nessus Users United]: Tenable Network Security
This host name [Nessus4_2]:
Congratulations. Your server certificate was properly created.
The following files were created :
. Certification authority :
Certificate = /opt/nessus//com/nessus/CA/cacert.pem
Private key = /opt/nessus//var/nessus/CA/cakey.pem
. Nessus Server :
Certificate = /opt/nessus//com/nessus/CA/servercert.pem
Private key = /opt/nessus//var/nessus/CA/serverkey.pem
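As an added check that is not part of the Tenable guide, the following shell function validates the CA and server certificate files that nessus-mkcert reports before they are relied on: the private key is not group- or world-readable, the server certificate chains to the CA, the certificate and key belong together, and the certificate is not about to expire. The default paths are assumed from the output above (without the doubled slashes); pass other paths as arguments.

```shell
# Added check (not from the Tenable guide): validate the CA and server
# certificate files that nessus-mkcert reports. Default paths are those
# shown in the nessus-mkcert output; pass other paths as arguments.
check_nessus_certs() {
    ca_cert="${1:-/opt/nessus/com/nessus/CA/cacert.pem}"
    srv_cert="${2:-/opt/nessus/com/nessus/CA/servercert.pem}"
    srv_key="${3:-/opt/nessus/var/nessus/CA/serverkey.pem}"
    rc=0

    for f in "$ca_cert" "$srv_cert" "$srv_key"; do
        if [ ! -r "$f" ]; then
            echo "missing or unreadable: $f" >&2
            return 1
        fi
    done

    # The server private key must not be readable by group or others.
    perm=$(stat -c '%a' "$srv_key" 2>/dev/null || stat -f '%Lp' "$srv_key" 2>/dev/null || true)
    case "$perm" in
        ?00) ;;
        *) echo "private key $srv_key has mode '$perm'; expected 600 or 400" >&2; rc=1 ;;
    esac

    # The server certificate must chain to the CA generated alongside it.
    if ! openssl verify -CAfile "$ca_cert" "$srv_cert" >/dev/null 2>&1; then
        echo "server certificate does not verify against $ca_cert" >&2
        rc=1
    fi

    # Certificate and key must belong together: compare their public keys.
    cert_pub=$(openssl x509 -in "$srv_cert" -noout -pubkey 2>/dev/null || true)
    key_pub=$(openssl pkey -in "$srv_key" -pubout 2>/dev/null || true)
    if [ -z "$cert_pub" ] || [ "$cert_pub" != "$key_pub" ]; then
        echo "server certificate and private key do not match" >&2
        rc=1
    fi

    # Flag a server certificate that expires within 30 days (2592000 s);
    # the default lifetime chosen above is 365 days.
    if ! openssl x509 -in "$srv_cert" -noout -checkend 2592000 >/dev/null 2>&1; then
        echo "server certificate expires within 30 days" >&2
        rc=1
    fi

    return "$rc"
}
```

Run it as root on the scanner after nessus-mkcert completes; a non-zero exit with a message on stderr means the files should be regenerated or their permissions corrected before SecurityCenter is pointed at the scanner.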
Next, create the user ID, key and certificate that the Nessus client (SecurityCenter in this case) will use to log in to the Nessus server. This is done with the command /opt/nessus/sbin/nessus-mkcert-client. If the user does not exist in the Nessus user database, it will be created. If it does exist, it will be registered to the Nessus server and have a distinguished name (dname) associated with it. It is important to respond “y” (yes) when prompted to register the user with the Nessus server for this to take effect. The user must be a Nessus admin, so answer “y” when asked. The following example shows the prompts and typical answers: