Trust a Custom CA

By default, Nessus trusts certificate authorities (CAs) based on root certificates in the Mozilla Included CA Certificate list. These trusted CAs are listed in the known_CA.inc file in the Nessus plugins directory. Tenable updates known_CA.inc when updating plugins.

If you have a custom root CA that is not included in the known CAs, you can configure Nessus to trust that CA for certificate authentication.

You can use either the Nessus user interface or the command line interface (CLI).

Before you begin:

To configure Nessus to trust a custom CA using the Nessus user interface:

  1. In the top navigation bar, click Settings.

    The About page appears.

  2. In the left navigation bar, click Custom CA.

    The Custom CA page appears.

  3. In the Certificate box, enter the text of your custom CA.

    Note: Include the beginning text -----BEGIN CERTIFICATE----- and ending text -----END CERTIFICATE-----.

    Tip: You can save more than one certificate in a single text file, including the beginning and ending text for each one.

  4. Click Save.

    The CA is available for use in Nessus.

To configure Nessus to trust a custom CA using the CLI:

  1. Save your PEM-formatted CA as a text file.

    Note: Include the beginning text -----BEGIN CERTIFICATE----- and ending text -----END CERTIFICATE-----.

    Tip: You can save more than one certificate in a single text file, including the beginning and ending text for each one.

  2. Rename the file custom_CA.inc.
  3. Move the file to your plugins directory:

    The CA is available for use in Nessus.
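
Added example (not Tenable's code): a pre-flight check for the CLI steps above that confirms every block in the PEM file has matching BEGIN/END CERTIFICATE markers, decodes as base64 into one complete DER SEQUENCE, and is not some other PEM type such as a private key, then writes the file as custom_CA.inc. The function names, the sample block, and the plugins directory argument are assumptions; the directory is supplied by the caller, and the check is structural only (it does not verify signatures, validity dates, or CA constraints).

```python
import base64, binascii, hashlib, re, sys
from pathlib import Path

BLOCK = re.compile(r"-----BEGIN ([A-Z0-9 ]+)-----\r?\n(.*?)\r?\n-----END \1-----", re.S)

def der_is_whole_sequence(der):
    """True if der is one ASN.1 SEQUENCE whose length field covers every byte."""
    if len(der) < 2 or der[0] != 0x30 or der[1] == 0x80:
        return False
    n = der[1] & 0x7F if der[1] & 0x80 else 0      # number of long-form length bytes
    length = int.from_bytes(der[2:2 + n], "big") if n else der[1]
    return n <= 4 and 2 + n + length == len(der)

def check_bundle(text):
    """Return (sha256_fingerprints, problems) for the text of a PEM bundle."""
    fps, problems = [], []
    blocks = BLOCK.findall(text)
    begins, ends = text.count("-----BEGIN "), text.count("-----END ")
    if not blocks or not (begins == ends == len(blocks)):
        problems.append(f"markers: {begins} BEGIN, {ends} END, {len(blocks)} complete")
    for i, (label, body) in enumerate(blocks, 1):
        if label != "CERTIFICATE":                 # e.g. a private key pasted by mistake
            problems.append(f"block {i}: {label} is not a certificate")
            continue
        try:
            der = base64.b64decode("".join(body.split()), validate=True)
        except binascii.Error:
            problems.append(f"block {i}: invalid base64")
            continue
        if der_is_whole_sequence(der):
            fps.append(hashlib.sha256(der).hexdigest())
        else:
            problems.append(f"block {i}: truncated or not DER")
    return fps, problems

def stage_custom_ca(src, plugins_dir):
    """Copy src into plugins_dir as custom_CA.inc only if every block passes."""
    raw = Path(src).read_bytes()
    fps, problems = check_bundle(raw.decode("ascii", "replace"))
    if problems:
        raise ValueError("; ".join(problems))
    (Path(plugins_dir) / "custom_CA.inc").write_bytes(raw)
    return fps

# Constructed sample: a 5-byte DER SEQUENCE in PEM armor, not a real certificate.
SAMPLE_PEM = "-----BEGIN CERTIFICATE-----\nMAMCAQE=\n-----END CERTIFICATE-----\n"

if __name__ == "__main__":   # usage: python3 check_ca.py bundle.pem PLUGINS_DIR
    print(stage_custom_ca(*sys.argv[1:3]) if len(sys.argv) > 2 else check_bundle(SAMPLE_PEM))
```

Compare the printed SHA-256 fingerprints with the values your CA owner publishes before relying on the new trust anchor.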