Specifications

Copyright © 2015. Tenable Network Security, Inc. All rights reserved. Tenable Network Security and Nessus are registered trademarks of Tenable Network Security, Inc.
Enable Connections with Smart Card or CAC Card
Once the CAcert for the smart card, CAC, or similar device has been put in place, matching users must be created
within Nessus. The name of each user created must match the CN on the card that the user will connect with.
1. On the Nessus server, run the nessus-mkcert-client command.
Linux/Unix:
# /opt/nessus/sbin/nessuscli mkcert-client
Windows (Run as a local Administrator user):
C:\> "\Program Files\Tenable\Nessus\nessuscli.exe" mkcert-client
2. Fill in the fields as prompted. The process is identical on a Linux/Unix or Windows server. The user name must
match the CN supplied by the certificate on the card.
Do you want to register the users in the Nessus server as soon as you create their
certificates ? [n]: y
-------------------------------------------------------------------------------
Creation Nessus SSL client Certificate
-------------------------------------------------------------------------------
This script will now ask you the relevant information to create the SSL
client certificates for Nessus.
Client certificate life time in days [365]:
Your country (two letter code) [US]:
Your state or province name [NY]: MD
Your location (e.g. town) [New York]: Columbia
Your organization []: Content
Your organizational unit []: Tenable
**********
We are going to ask you some question for each client certificate
If some question have a default answer, you can force an empty answer by entering a
single dot '.'
*********
User #1 name (e.g. Nessus username) []: squirrel
Should this user be administrator? [n]: y
Country (two letter code) [US]:
State or province name [MD]:
Location (e.g. town) [Columbia]:
Organization [Content]:
Organizational unit [Tenable]:
e-mail []:
User rules
----------
nessusd has a rules system which allows you to restrict the hosts that firstuser has
the right to test. For instance, you may want him to be able to scan his own host
only.
Enter the rules for this user, and enter a BLANK LINE once you are done:
(the user can have an empty rules set)
User added to Nessus.
Another client certificate? [n]:
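Because the user name must equal the CN on the card, it helps to read the CN from the card's certificate before answering the "User #1 name" prompt. The following is an added example, not part of the Tenable documentation: the function names and the certificate path passed to check_cert are hypothetical, the sample subject is constructed from the values in the session above, and the exact, case-sensitive comparison is an assumption about how strictly to check.

```shell
#!/bin/sh
# Added example (not Tenable code): pre-check that the planned Nessus user
# name equals the CN in the certificate exported from the smart card / CAC.

# Constructed sample of `openssl x509 -noout -subject -nameopt multiline`
# output, reusing the values typed in the session above.
SAMPLE_SUBJECT='subject=
    countryName               = US
    stateOrProvinceName       = MD
    localityName              = Columbia
    organizationName          = Content
    organizationalUnitName    = Tenable
    commonName                = squirrel'

# Read multiline subject text on stdin and print its CN.
# Returns 1 when there is no CN or more than one (ambiguous match).
cn_from_subject() {
    cns=$(sed -n '/^[[:space:]]*commonName[[:space:]]*=/{
        s/^[^=]*=[[:space:]]*//
        s/[[:space:]]*$//
        p
    }')
    [ -n "$cns" ] || return 1
    case $cns in *'
'*) return 1 ;; esac
    printf '%s\n' "$cns"
}

# Compare the planned user name ($1) with the CN in subject text on stdin.
# Returns 0 on exact match, 1 on mismatch, 2 when no single CN is present.
user_matches_subject() {
    cn=$(cn_from_subject) || { echo "subject has no single CN" >&2; return 2; }
    [ "$cn" = "$1" ] && return 0
    echo "mismatch: CN is '$cn', planned user is '$1'" >&2
    return 1
}

# Same check against a PEM file exported from the card ($2, hypothetical path).
check_cert() {
    openssl x509 -in "$2" -noout -subject -nameopt multiline |
        user_matches_subject "$1"
}

# Demo on the constructed sample.
printf '%s\n' "$SAMPLE_SUBJECT" | user_matches_subject squirrel &&
    echo "user name 'squirrel' matches the certificate CN"
```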