Create a New Server Certificate and CA Certificate
If you do not have your own custom certificate authority (CA) and server certificate (for example, a trusted certificate that your organization uses), you can use Tenable Nessus to create a new server certificate and CA certificate.
The Tenable Nessus CA signs this server certificate, which means your browser may report that the server certificate is untrusted.
To create a new custom CA and server certificate:
-
Access the Tenable Nessus CLI as an administrator user or a user with root privileges.
-
Run the nessuscli mkcert command:
Linux# /opt/nessus/sbin/nessuscli mkcert
WindowsC:\Program Files\Tenable\Nessus\nessuscli.exe mkcert
macOS# /Library/Nessus/run/sbin/nessuscli mkcert
This command places the certificates in their correct directories.
-
When prompted for the hostname, enter the DNS name or IP address of the Tenable Nessus server in the browser such as https://hostname:8834/ or https://ipaddress:8834/. The default certificate uses the hostname.
What to do next:
-
Because Nessus Certification Authority is not a trusted valid certificate authority, the certificate is untrusted, which can result in the following:
-
Your browser may produce a warning regarding an unsafe connection when you access Tenable Nessus via HTTPS through port 8834.
-
Plugin 51192 may report a vulnerability when scanning the Tenable Nessus scanner host.
To resolve either of those issues, Trust a Custom CA. For more information about how Tenable Nessus uses custom SSL server certificates and CAs, see Custom SSL Server Certificates.
-