Certificates and Certificate Authorities
Tenable Nessus includes the following defaults:
-
The default Tenable Nessus SSL certificate and key, which consists of two files: servercert.pem and serverkey.pem.
- A Tenable Nessus certificate authority (CA), which signs the default Tenable Nessus SSL certificate. The CA consists of two files: cacert.pem and cakey.pem.
The default certificate files are located in the following directory, depending on your operating system:
|
Operating System |
Directory |
|---|---|
|
Windows |
C:\ProgramData\Tenable\Nessus\nessus\CA |
|
macOS |
/Library/Nessus/run/com/nessus/CA |
|
Linux |
/opt/nessus/com/nessus/CA |
|
FreeBSD |
/usr/local/nessus/com/nessus/CA |
However, you may want to upload your own certificates or CAs for advanced configurations or to resolve scanning issues. For more information, see:
- Custom SSL Server Certificates — View an overview of Tenable Nessus SSL server certificates and troubleshoot common certificate problems.
- Create a New Server Certificate and CA Certificate — If you do not have your own custom CA and server certificate, you can use Tenable Nessus to create a new server certificate and CA certificate.
- Upload a Custom Server Certificate and CA Certificate — Replace the default certificate that ships with Tenable Nessus.
- Trust a Custom CA — Add a custom root CA to the list of CAs that Tenable Nessus trusts.
- Create SSL Client Certificates for Login — Create an SSL client certificate to log in to Tenable Nessus instead of using a username and password.
- Tenable Nessus Manager Certificates and Tenable Nessus Agent — Understand the certificate chain between Tenable Nessus Manager and Tenable Nessus Agents and troubleshoot issues.