TOC & Recently Viewed

Recently Viewed Topics

Upload a Custom CA Certificate

These steps describe how to upload a custom certificate authority (CA) certificate to the Nessus web server through the command line.

Steps

Create one or more custom CA and server certificates.
Back up the original Nessus CA and server certificates and keys:

cp /opt/nessus/com/nessus/CA/cacert.pem /opt/nessus/com/nessus/CA/cacert.pem.orig

cp /opt/nessus/var/nessus/CA/cakey.pem /opt/nessus/var/nessus/CA/cakey.pem.orig

cp /opt/nessus/com/nessus/CA/servercert.pem /opt/nessus/com/nessus/CA/servercert.pem.orig

cp /opt/nessus/var/nessus/CA/serverkey.pem /opt/nessus/var/nessus/CA/serverkey.pem.orig
Replace the original certificates with the new custom certificates:

cp customCA.pem /opt/nessus/com/nessus/CA/cacert.pem

cp customCA.key /opt/nessus/var/nessus/CA/cakey.pem

cp servercert.pem /opt/nessus/com/nessus/CA/servercert.pem

cp server.key /opt/nessus/var/nessus/CA/serverkey.pem
Restart Nessus:

service nessusd restart

Note: Any linked agent has an old certificate in its configuration, (ms_cert) and upon restart, communication fails to the manager. You can remedy this by relinking the agent to the controller:

nessuscli agent unlink

nessuscli agent link --host=<host> --port=<port> --key=<key> --groups<group1,group2>

You can also load the cacert.pem file into the custom_CA.inc file in the Agents plugin directory:

scp customCA.pem [email protected]:/opt/nessus_agent/lib/nessus/custom_CA.inc

Copyright © 2020 Tenable, Inc. All rights reserved. Tenable, Tenable.io, Tenable Network Security, Nessus, SecurityCenter, SecurityCenter Continuous View and Log Correlation Engine are registered trademarks of Tenable,Inc. Tenable.sc, Tenable.ot, Lumin, Indegy, Assure, and The Cyber Exposure Company are trademarks of Tenable, Inc. All other products or services are trademarks of their respective owners.