Installation guide
File Name Created: /opt/nessus/com/nessus/CA/cacert.pem
Purpose: This is the certificate for the Certificate Authority. If using an existing PKI, this will be provided to you by the PKI and must be copied to this location.
Where to Copy to: /opt/nessus/com/nessus/CA on the initial Nessus server and any additional Nessus servers that need to authenticate using SSL.

File Name Created: /opt/nessus/com/nessus/CA/servercert.pem
Purpose: This is the public certificate for the Nessus server that is sent in response to a CSR.
Where to Copy to: /opt/nessus/com/nessus/CA on any additional Nessus servers that need to authenticate using SSL.

File Name Created: /opt/nessus/var/nessus/CA/cakey.pem
Purpose: This is the private key of the Certificate Authority. It may or may not be provided by the Certificate Authority, depending on if they allow the creation of sub users.
Where to Copy to: /opt/nessus/var/nessus/CA on any additional Nessus servers that need to authenticate using SSL.

File Name Created: /opt/nessus/var/nessus/CA/serverkey.pem
Purpose: This is the private key of the Nessus server.
Where to Copy to: /opt/nessus/var/nessus/CA on any additional Nessus servers that need to authenticate using SSL.
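The layout in the table above can be checked after the files are copied. The script below is an added example, not part of this guide or of the Nessus tooling: it confirms that the public paths hold only certificates and that the private-key paths hold keys. The owner-only permission rule and the root and require_ca_key parameters are assumptions of this example.

```python
import os
import stat

# Paths from the table above, relative to an install root ("/" on a real server).
LAYOUT = {
    "opt/nessus/com/nessus/CA/cacert.pem": "cert",
    "opt/nessus/com/nessus/CA/servercert.pem": "cert",
    "opt/nessus/var/nessus/CA/cakey.pem": "key",
    "opt/nessus/var/nessus/CA/serverkey.pem": "key",
}

def audit(root="/", require_ca_key=False):
    """Return a list of (relative path, problem) findings for the CA layout."""
    findings = []
    for rel, kind in LAYOUT.items():
        path = os.path.join(root, rel)
        if not os.path.isfile(path):
            # cakey.pem may be absent when an external PKI does not hand it out.
            if rel.endswith("cakey.pem") and not require_ca_key:
                continue
            findings.append((rel, "missing"))
            continue
        with open(path, "r", errors="replace") as fh:
            text = fh.read()
        # PEM armor lines identify what the file actually contains.
        has_key = "PRIVATE KEY-----" in text
        has_cert = "-----BEGIN CERTIFICATE-----" in text
        if kind == "cert":
            if not has_cert:
                findings.append((rel, "no certificate block"))
            if has_key:
                findings.append((rel, "private key in public certificate path"))
        else:
            if not has_key:
                findings.append((rel, "no private key block"))
            # Assumed hardening rule (not stated in the guide): owner-only access.
            if stat.S_IMODE(os.stat(path).st_mode) & 0o077:
                findings.append((rel, "key readable by group or others"))
    return findings

if __name__ == "__main__":
    for rel, problem in audit("/"):
        print(f"/{rel}: {problem}")
```

Run it as a user that can read /opt/nessus/var/nessus/CA; an empty result means the four files match the table.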
Nessus Client Keys
The Nessus user, in this case the user ID that SecurityCenter uses to communicate with the Nessus server, is created by
the following command:
# /opt/nessus/sbin/nessus-mkcert-client
This command creates the keys for the Nessus clients and optionally registers them appropriately with the Nessus server
by associating a distinguished name (dname) with the user ID. It is important to respond “y” (yes) when prompted to
register the user with the Nessus server for this to take effect. The user name may vary and is referred to here as “user”.
The certificate filename will be a concatenation of “cert_”, the user name you entered and “.pem”. Additionally, the key
filename will be a concatenation of “key_”, the user name you entered and “.pem”.
If the user was previously added via the /opt/nessus/sbin/nessus-adduser command, you will still need to run this
program to register the user. If you have not previously created the user, it is not necessary to also run the
nessus-adduser command; the user will be created if it does not already exist. The following files are created by this command:
File Name Created: /tmp/nessus-xxxxxxxx/cert_{user}.pem
Purpose: This is the public certificate for the specified user.

File Name Created: /tmp/nessus-xxxxxxxx/key_{user}.pem
Purpose: This is the private key for the specified user.

File Name Created: /opt/nessus/var/nessus/users/{user}/auth/dname
Purpose: This is the distinguished name to be associated with this user. The distinguished name consists of a number of fields separated by commas in the following format:
"/C={country}/ST={state}/L={location}/OU={organizational unit}/O={organization}/CN={common name}"