Custom SSL Certificates

By default, Nessus is installed and managed over HTTPS with SSL support, and listens on port 8834. The default installation uses a self-signed SSL certificate.

To avoid web browser warnings, a custom SSL certificate specific to your organization can be used. During the installation, Nessus creates two files that make up the certificate: servercert.pem and serverkey.pem. These files must be replaced with certificate files generated by your organization or a trusted certificate authority (CA).

Before replacing the certificate files, stop the Nessus server. Replace the two files and restart the Nessus server. Subsequent connections to the scanner should not display an error if the certificate was generated by a trusted CA.

Location of Certificate Files

Operating System

Windows Vista and later

Mac OS X

You can also use the /getcert switch to install the root CA in your browser, which will remove the warning.

https://[IP address]:8834/getcert

Note: To set up an intermediate certificate chain, a file named serverchain.pem must be placed in the same directory as the servercert.pem file. This file contains the 1-n intermediate certificates (concatenated public certificates) necessary to construct the full certificate chain from the Nessus server to its ultimate root certificate (one trusted by the user’s browser).
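
Before stopping the server and swapping the files, the replacement set can be checked offline. The following is an added example, not part of the Nessus documentation: it assumes the openssl command-line tool is installed and that the new files are staged in a directory of your choosing under the names Nessus expects; the function name check_nessus_certs and the root CA path argument are hypothetical.

```shell
#!/bin/sh
# Added example: pre-flight check for a replacement Nessus certificate set.
# Usage: sh check_nessus_certs.sh <staging-dir> <root-ca.pem>  (paths are assumptions)

check_nessus_certs() {
    dir=$1; root_ca=$2
    cert="$dir/servercert.pem"; key="$dir/serverkey.pem"; chain="$dir/serverchain.pem"

    [ -r "$cert" ] && [ -r "$key" ] && [ -r "$root_ca" ] || {
        echo "FAIL: servercert.pem, serverkey.pem or root CA not readable" >&2; return 2; }

    # 1. The private key must belong to the certificate: compare public keys.
    cert_pub=$(openssl x509 -in "$cert" -noout -pubkey 2>/dev/null) || cert_pub=
    key_pub=$(openssl pkey -in "$key" -pubout 2>/dev/null </dev/null) || key_pub=
    if [ -z "$cert_pub" ] || [ "$cert_pub" != "$key_pub" ]; then
        echo "FAIL: serverkey.pem does not match servercert.pem" >&2; return 3
    fi

    # 2. The certificate must not already be expired.
    openssl x509 -in "$cert" -noout -checkend 0 >/dev/null 2>&1 || {
        echo "FAIL: servercert.pem has expired" >&2; return 5; }

    # 3. A chain must build from servercert.pem to the given root, with
    #    serverchain.pem (when present) supplying the intermediates.
    if [ -r "$chain" ]; then
        openssl verify -CAfile "$root_ca" -untrusted "$chain" "$cert"
    else
        openssl verify -CAfile "$root_ca" "$cert"
    fi >/dev/null 2>&1 || {
        echo "FAIL: no valid chain from servercert.pem to the root CA" >&2; return 4; }

    echo "OK: key matches, certificate is current, chain verifies"
}

# Run the check when the script is invoked with both arguments.
if [ $# -ge 2 ]; then
    check_nessus_certs "$1" "$2"
fi
```

A non-zero return identifies which check failed: 3 for a key mismatch, 4 for a broken or missing chain, 5 for an expired certificate.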