TOC & Recently Viewed

Recently Viewed Topics

Custom SSL Certificates

By default, Nessus is installed and managed using HTTPS and SSL support and uses port 8834. Default installation of Nessus uses a self-signed SSL certificate.

To avoid web browser warnings, a custom SSL certificate specific to your organization can be used. During the installation, Nessus creates two files that make up the certificate: servercert.pem and serverkey.pem. These files must be replaced with certificate files generated by your organization or a trusted certificate authority (CA).

Before replacing the certificate files, stop the Nessus server. Replace the two files and restart the Nessus server. Subsequent connections to the scanner should not display an error if the certificate was generated by a trusted CA.

Location of Certificate Files

Operating System








Windows Vista and later



Mac OS X



You can also use the /getcert switch to install the root CA in your browser, which will remove the warning.

https://[IP address]:8834/getcert

Note: To set up an intermediate certificate chain, a file named serverchain.pem must be placed in the same directory as the servercert.pem file. This file contains the 1-n intermediate certificates (concatenated public certificates) necessary to construct the full certificate chain from the Nessus server to its ultimate root certificate (one trusted by the user’s browser).

Copyright © 2020 Tenable, Inc. All rights reserved. Tenable,, Tenable Network Security, Nessus, SecurityCenter, SecurityCenter Continuous View and Log Correlation Engine are registered trademarks of Tenable,Inc., Tenable.ot, Lumin, Indegy, Assure, and The Cyber Exposure Company are trademarks of Tenable, Inc. All other products or services are trademarks of their respective owners.