TOC & Recently Viewed

Recently Viewed Topics

Upload a Custom CA Certificate

These steps describe how to upload a custom CA (Certificate Authority) certificate to the Nessus web server through the command line.


  1. Create one or more custom CA and server certificates.
  2. Back up the original Nessus CA and server certificates and keys:

    cp /opt/nessus/com/nessus/CA/cacert.pem /opt/nessus/com/nessus/CA/cacert.pem.orig

    cp /opt/nessus/var/nessus/CA/cakey.pem /opt/nessus/var/nessus/CA/cakey.pem.orig

    cp /opt/nessus/com/nessus/CA/servercert.pem /opt/nessus/com/nessus/CA/servercert.pem.orig

    cp /opt/nessus/var/nessus/CA/serverkey.pem /opt/nessus/var/nessus/CA/serverkey.pem.orig

  3. Replace the original certificates with the new custom certificates:

    cp customCA.pem /opt/nessus/com/nessus/CA/cacert.pem

    cp customCA.key /opt/nessus/var/nessus/CA/cakey.pem

    cp servercert.pem /opt/nessus/com/nessus/CA/servercert.pem

    cp server.key /opt/nessus/var/nessus/CA/serverkey.pem

  4. Restart Nessus:

    service nessusd restart

    Note: Any linked agent has an old certificate in its configuration, (ms_cert) and upon restart, communication fails to the manager. You can remedy this by relinking the agent to the controller:

    nessuscli agent unlink

    nessuscli agent link --host=<host> --port=<port> --key=<key> --groups<group1,group2>

    You can also load the cacert.pem file into the file in the Agents plugin directory:

    scp customCA.pem root@agentip:/opt/nessus_agent/lib/nessus/

Copyright 2017. Tenable Network Security, Inc. All rights reserved. Tenable Network Security, Nessus, SecurityCenter Continuous View, Passive Vulnerability Scanner, and Log Correlation Engine are registered trademarks of Tenable Network Security, Inc. All other products or services are trademarks of their respective owners.