Security Warnings

By default, Nessus is installed and managed using HTTPS and SSL uses port 8834. The default installation of Nessus uses a self-signed SSL certificate.

During the web-based portion of the Nessus installation, the following message regarding SSL appears:

You are likely to get a security alert from your browser saying that the SSL certificate is invalid. You may either choose to accept the risk temporarily, or you can obtain a valid SSL certificate from a registrar.

This information refers to a security-related message you encounter when accessing the Nessus user interface (https://[server IP]:8834).

Example Security Warning

  • a connection privacy problem
  • an untrusted site
  • an unsecure connection

Because Nessus is providing a self-signed SSL certificate, this is normal behavior.

Bypassing SSL warnings

Based on the browser you are using, use the following steps to proceed to the Nessus login page.

Browser Instructions

Google Chrome

Select Advanced, and then Proceed to (unsafe).

Note: Some instances of Google Chrome do not allow you to proceed. If this happens, Tenable recommends using a different browser, such as Safari or Mozilla Firefox.

Mozilla Firefox

Select I Understand the Risks, and then select Add Exception.

Next select Get Certificate, and finally select Confirm Security Exception.