Installation guide

Using Custom Certificates
During an upgrade, SecurityCenter will check for the presence of custom SSL certificates. If certificates are found and the
owner is not Tenable, any newly generated certificates will be named with a “.new” extension and placed in the
/opt/sc4/support/conf directory to avoid overwriting existing files.
Deploy to other Nessus Scanners
Configure any other Nessus scanners for SecurityCenter use and certificate authentication prior to performing
the following tasks.
If you have other Nessus servers that will need to authenticate using the same SSL certificates and user names, simply
copy the files to the other servers as follows:
# cd /opt/nessus/var/nessus/CA
# scp cakey.pem serverkey.pem root@nessusIP:/opt/nessus/var/nessus/CA
# cd /opt/nessus/com/nessus/CA
# scp cacert.pem servercert.pem root@nessusIP:/opt/nessus/com/nessus/CA
You will then need to copy the Nessus user(s) to all the Nessus servers, replacing ‘admin’ in the following command with
the user’s name:
# cd /opt/nessus/var/nessus/users
# tar -zcvf - admin | ssh -C root@nessusIP "tar -zxvf - -C /opt/nessus/var/nessus/users"
Finally, restart the Nessus service on all the Nessus servers with the appropriate command for your system. This example
is for Red Hat:
# /sbin/service nessusd restart
Use the steps from above (Changing the Nessus Mode of Authentication) to add the new server(s) to SecurityCenter
using certificate-based authentication.
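A post-copy check that can be run on each receiving scanner before restarting nessusd, as an added example that is not part of the Tenable guide: it confirms the four files arrived, that servercert.pem chains to cacert.pem, and that serverkey.pem is the private key for servercert.pem. The function name, the requirement that private keys carry no group/other permission bits, and the use of the openssl CLI and GNU stat are assumptions of this example.

```shell
#!/bin/bash
# Added example: sanity check for the Nessus CA files copied in the steps above.
# verify_nessus_certs KEY_DIR CERT_DIR  -> returns 0 if every check passes, 1 otherwise.
# Assumes the openssl CLI and GNU stat are installed (as on Red Hat).

verify_nessus_certs() {
    key_dir=${1:-/opt/nessus/var/nessus/CA}    # cakey.pem, serverkey.pem
    cert_dir=${2:-/opt/nessus/com/nessus/CA}   # cacert.pem, servercert.pem
    rc=0

    # 1. All four files must have arrived and be non-empty.
    for f in "$key_dir/cakey.pem" "$key_dir/serverkey.pem" \
             "$cert_dir/cacert.pem" "$cert_dir/servercert.pem"; do
        [ -s "$f" ] || { echo "MISSING: $f"; return 1; }
    done

    # 2. Private keys must carry no group/other permission bits
    #    (hardening assumption of this example, e.g. mode 600 or 400).
    for k in "$key_dir/cakey.pem" "$key_dir/serverkey.pem"; do
        case "$(stat -c %a "$k")" in
            *00) ;;
            *)   echo "LOOSE PERMISSIONS: $k"; rc=1 ;;
        esac
    done

    # 3. The server certificate must chain to the copied CA certificate.
    openssl verify -CAfile "$cert_dir/cacert.pem" \
        "$cert_dir/servercert.pem" >/dev/null 2>&1 \
        || { echo "CHAIN FAILURE: servercert.pem not issued by cacert.pem"; rc=1; }

    # 4. The server key must be the private half of the server certificate.
    cert_pub=$(openssl x509 -in "$cert_dir/servercert.pem" -noout -pubkey 2>/dev/null)
    key_pub=$(openssl pkey -in "$key_dir/serverkey.pem" -pubout 2>/dev/null)
    [ -n "$cert_pub" ] && [ "$cert_pub" = "$key_pub" ] \
        || { echo "KEY MISMATCH: serverkey.pem does not match servercert.pem"; rc=1; }

    return $rc
}

# Run against explicit directories when arguments are supplied.
if [ "$#" -gt 0 ]; then verify_nessus_certs "$@"; fi
```

Called with no arguments inside another script, the function falls back to the two CA directories used in the copy commands above.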
Nessus Configuration for Windows
Commands and Relevant Files
The following section describes the commands and relevant files involved in the Nessus SSL process on a Windows
system.
Certificate Authority and Nessus Server Certificate
The nessus-mkcert.exe executable located in C:\Program Files\Tenable\Nessus creates the Certificate
Authority and generates the server certificate. This command creates the following files:
File Name Created: C:\Program Files\Tenable\Nessus\nessus\CA\cacert.pem
Purpose: This is the certificate for the Certificate Authority. If using an existing PKI, this will be provided to you by the PKI and must be copied to this location.
Where to Copy to: C:\Program Files\Tenable\Nessus\nessus\CA\ on any additional Nessus servers that need to authenticate using SSL.