Create a Nessus Client-Side Digital Certificate
Required User Role: User with administrator privileges
You can create a Tenable Nessus client-side digital certificate from the command line.
To see and copy the full command for your specific operating system, see the Command Quick Reference.
Usage
Note: If the user already has credentials, such as a password, this script overwrites any previous credentials. Also, updating the password of the account removes the client certificate for authentication.
To create a Nessus client digital certificate, use the following command:
# nessuscli mkcert-client
Read and follow the prompts. Prompt default responses are in brackets. The following is example output:
-------------------------------------------------------------------------------
Creation of the Nessus SSL Client Certificates
-------------------------------------------------------------------------------
This script asks you for information to create SSL client certificates.
Nessus username for user: admin
admin already exists. Do you want to overwrite their credentials? (y/n) [n]: y
Client certificate life time in days [365]:
Two letter country code [US]: US
State or province name [NY]: MD
City [New York]: Columbia
Organization [Nessus Users United]: Tenable Network Security
Organizational unit [nessus-users]: nessus-admins
Email [[email protected]]: [email protected]
--- Confirmation ---
Username: admin
Client certificate life time in days: 365
Country: US
State or province: MD
City: Columbia
Organization: Tenable Network Security
Organizational unit: nessus-admins
Email: [email protected]
Is this ok? (y/n) [n]: y
Congratulations. Your client certificate was properly created.
The following files were created:
Nessus Client:
Certificate = /Library/Nessus/run/var/nessus/tmp/cert_admin.pem
Private key = /Library/Nessus/run/var/nessus/tmp/key_admin.pem
The certificate was successfully set for admin.
Create another cert? (y/n) [y]: n
For the full command for your operating system, see the following:
Windows