Create Industrial Security SSL Certificates for Login
To log in to an Industrial Security server with SSL certificates, you must create the certificates using the industrial-security-make-cert command.
Note: When asked if you want to create a server certificate, select no to be prompted for the user certificate information.
To create Industrial Security SSL certificates for login:
- On the Industrial Security server, run the industrial-security-make-cert command.

  | Operating System | Command |
  |---|---|
  | Linux | # /opt/industrial-security/bin/industrial-security-make-cert |
  | Windows | C:\Program Files\Tenable\Industrial Security\industrial-security-make-cert |
- Configure the client certificate by answering the various questions. The client certificates are generated in a temporary directory.

  | Operating System | Directory |
  |---|---|
  | Linux | /tmp/ |
  | Windows | C:\users\<username>\AppData\Local\Temp, where <username> is the user currently logged in. |

- Two files are created in the temporary directory. In an example where the user name is admin, the files cert_admin.pem and key_admin.pem are created. These two files must be combined and exported into a format that may be imported into the web browser, such as .pfx. You can accomplish this with the openssl program and the following command:

  openssl pkcs12 -export -out combined_admin.pfx -inkey key_admin.pem -in cert_admin.pem -chain -CAfile /opt/industrial-security/var/industrial-security/ssl/cacert.pem -passout 'pass:password' -name 'Industrial Security User Certificate for: admin'

  The resulting file combined_admin.pfx is created in the directory from which the command is launched. This file must then be imported into the web browser’s personal certificate store.

  Note: The username you type must correspond with an existing username in Industrial Security. By default, Industrial Security has only one administrative user. If you add another administrative user, then you can use more than one certificate.
- Configure the Industrial Security server for certificate authentication using the appropriate command for your OS. Once certificate authentication is enabled, username and password login is disabled.

  | Operating System | Command |
  |---|---|
  | Linux | # /opt/industrial-security/bin/industrial-security --config "Enable SSL Client Certificate Authentication" "1" |
  | Windows | C:\Program Files\Tenable\Industrial Security\industrial-security --config "Enable SSL Client Certificate Authentication" "1" |
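
The openssl export from the procedure above, as an added example that is not part of the original documentation: it confirms the key matches the certificate before bundling, reads the .pfx password from a file instead of the command line, and counts the certificates in the result. The sample CA, certificate and key are constructed stand-ins for the files industrial-security-make-cert produces, and the function names and the pfx.pass file name are assumptions.

```shell
#!/bin/sh
# Added example. The CA, certificate and key below are constructed stand-ins
# for cacert.pem, cert_admin.pem and key_admin.pem so the script runs offline.
umask 077   # files created from here on are readable by the current user only

make_sample_certs() {   # $1 = scratch directory
  ( cd "$1" || exit 1
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj "/CN=Sample CA" \
      -keyout cakey.pem -out cacert.pem 2>/dev/null || exit 1
    openssl req -new -newkey rsa:2048 -nodes -subj "/CN=admin" \
      -keyout key_admin.pem -out req_admin.pem 2>/dev/null || exit 1
    openssl x509 -req -in req_admin.pem -CA cacert.pem -CAkey cakey.pem \
      -CAcreateserial -days 1 -out cert_admin.pem 2>/dev/null )
}

# Succeeds only if the private key belongs to the certificate.
key_matches_cert() {    # $1 = certificate, $2 = private key
  pub=$(openssl x509 -in "$1" -noout -pubkey 2>/dev/null) || return 1
  [ -n "$pub" ] && [ "$pub" = "$(openssl pkey -in "$2" -pubout 2>/dev/null)" ]
}

# The export from the procedure, with the password read from a file
# (-passout file:) so it does not appear in the process list or shell history.
export_pfx() {          # $1 = user name, $2 = CA file, $3 = password file
  key_matches_cert "cert_$1.pem" "key_$1.pem" || return 1
  openssl pkcs12 -export -out "combined_$1.pfx" -inkey "key_$1.pem" \
    -in "cert_$1.pem" -chain -CAfile "$2" -passout "file:$3" \
    -name "Industrial Security User Certificate for: $1"
}

# Prints how many certificates the bundle holds (user certificate plus CA chain).
pfx_cert_count() {      # $1 = .pfx file, $2 = password file
  openssl pkcs12 -in "$1" -passin "file:$2" -nokeys 2>/dev/null |
    grep -c 'BEGIN CERTIFICATE'
}

demo() {                # prints 2 for the sample data: admin certificate + sample CA
  dir=$(mktemp -d) || return 1
  make_sample_certs "$dir" || { rm -rf "$dir"; return 1; }
  printf '%s\n' 'constructed-sample-passphrase' > "$dir/pfx.pass"
  ( cd "$dir" && export_pfx admin cacert.pem pfx.pass &&
    pfx_cert_count combined_admin.pfx pfx.pass )
  status=$?
  rm -rf "$dir"
  return "$status"
}

demo
```

Against real files, call export_pfx from the directory that holds cert_admin.pem and key_admin.pem, passing the cacert.pem path shown in the procedure.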