User guide

Creating a Nessus Client-Side Digital Certificate

To create a Nessus client digital certificate, run the commands and follow the prompts. Note that the defaults are in

brackets.

# /opt/nessus/sbin/nessuscli nessuscli mkcert-client

-------------------------------------------------------------------------------

Creation of the Nessus SSL Client Certificates

-------------------------------------------------------------------------------

This script will now ask you for information to create SSL client certificates.

Nessus username for user: admin

admin already exists. Do you want to overwrite their credentials? (y/n) [n]: y

Client certificate life time in days [365]:

Two letter country code [US]: US

State or province name [NY]: MD

City [New York]: Columbia

Organization [Nessus Users United]: Tenable Network Security

Organizational unit [nessus-users]: nessus-admins

Email [none@none.com]: nessus-admin@example.org

--- Confirmation ---

Username: admin

Client certificate life time in days: 365

Country: US

State or province: MD

City: Columbia

Organization: Tenable Network Security

Organizational unit: nessus-admins

Email: nessus-admin@example.org

Is this ok? (y/n) [n]: y

Congratulations. Your client certificate was properly created.

The following files were created :

Nessus Client :

Certificate = /Library/Nessus/run/var/nessus/tmp/cert_admin.pem

Private key = /Library/Nessus/run/var/nessus/tmp/key_admin.pem

The certificate was successfully set for admin.

Create another cert? (y/n) [y]: n

If the user already has credentials, such as a password, this will overwrite any previous credentials and expect

the digital certificate instead. Also, updating the password of the account will remove the client certificate for

authentication.

Nessus Command Line User Management Commands

The nessuscli commands offer the ability to manage Nessus users from the command line. This includes listing the

users, changing a user’s password, adding a user, and removing a user.