Create a Nessus Server Digital Certificate

Required User Role: User with administrator privileges

You can create a Tenable Nessus-supported self-signed server certificate from the command line.

To see and copy the full command for your specific operating system, see the Command Quick Reference.

Usage

To create a Tenable Nessus server digital certificate, use the following command:

# nessuscli mkcert

Read and follow the prompts. The default response for each prompt appears in brackets. The following is example output:

-------------------------------------------------------------------------------
Creation of the Nessus SSL Certificate
-------------------------------------------------------------------------------

This script asks you for information to create the SSL certificate.
for Nessus. This information is *NOT* sent to anybody
(everything stays local), but anyone with the ability to connect to
your Nessus daemon is able to retrieve this information.

CA certificate life time in days [1460]: 1460
Server certificate life time in days [365]: 365
Your two letter country code [US]: US
Your state or province name [NY]: MD
Your city [New York]: Columbia
Your organization [Nessus Users United]: Tenable Network Security
This hostname [localhost]: nessus-server

--- Confirmation ---
CA certificate life time in days: 1460
Server certificate life time in days: 365
Country: US
State or province: MD
City: Columbia
Organization: Tenable Network Security
This hostname: nessus-server
Is this ok? (y/n) [n]: y

Congratulations. Your server certificate was properly created.

The following files were created:
Certification authority:
Certificate = /opt/nessus/com/nessus/CA/cacert.pem
Private key = /opt/nessus/var/nessus/CA/cakey.pem
Nessus Server:
Certificate = /opt/nessus/com/nessus/CA/servercert.pem
Private key = /opt/nessus/var/nessus/CA/serverkey.pem

For more details on configuring Tenable Nessus with custom SSL certificates, see the Tenable Nessus User Guide.
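
To check the files listed in the example output after running mkcert, the following script is an added example and is not part of the Tenable documentation. It assumes a Linux host with the openssl command-line tool and GNU stat; the function name check_nessus_cert and the 30-day warning threshold are illustrative choices, and the paths in the usage comment are the ones shown in the example output.

```shell
#!/bin/sh
# Added example: sanity-check the certificate files reported by "nessuscli mkcert".
# check_nessus_cert is a hypothetical helper name, not a Nessus command.
# Arguments: CA certificate, server certificate, server private key,
#            optional expiry warning threshold in days (default 30).
check_nessus_cert() {
    ca=$1 cert=$2 key=$3 warn_days=${4:-30}
    rc=0

    # 1. The server certificate must chain to the CA certificate.
    if openssl verify -CAfile "$ca" "$cert" >/dev/null 2>&1; then
        echo "PASS chain: $cert verifies against $ca"
    else
        echo "FAIL chain: $cert does not verify against $ca"; rc=1
    fi

    # 2. The private key must belong to the certificate (compare public keys).
    cert_pub=$(openssl x509 -in "$cert" -noout -pubkey 2>/dev/null)
    key_pub=$(openssl pkey -in "$key" -pubout 2>/dev/null)
    if [ -n "$cert_pub" ] && [ "$cert_pub" = "$key_pub" ]; then
        echo "PASS key: $key matches $cert"
    else
        echo "FAIL key: $key does not match $cert"; rc=1
    fi

    # 3. Warn before the server certificate lifetime runs out.
    if openssl x509 -in "$cert" -noout -checkend $((warn_days * 86400)) >/dev/null 2>&1; then
        echo "PASS expiry: valid for more than $warn_days days"
    else
        echo "FAIL expiry: expires within $warn_days days (or is unreadable)"; rc=1
    fi

    # 4. The private key file must not be readable by group or other.
    mode=$(stat -c '%a' "$key" 2>/dev/null)
    case $mode in
        [0-7]00) echo "PASS perms: $key mode is $mode" ;;
        *)       echo "FAIL perms: $key mode is '${mode:-unknown}', expected 600 or stricter"; rc=1 ;;
    esac

    return $rc
}

# Usage with the paths from the example output (needs read access to the key):
#   check_nessus_cert /opt/nessus/com/nessus/CA/cacert.pem \
#       /opt/nessus/com/nessus/CA/servercert.pem \
#       /opt/nessus/var/nessus/CA/serverkey.pem
```

The function returns 0 only when all four checks pass, so it can be run after certificate creation or on a schedule to catch an expiring certificate.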

Command Quick Reference

For the full command for your operating system, see the following: