Create a Nessus Client-Side Digital Certificate

To create a Nessus client digital certificate, run the commands and follow the prompts. Note that the defaults are in brackets.

# /opt/nessus/sbin/nessuscli nessuscli mkcert-client



Creation of the Nessus SSL Client Certificates



This script will now ask you for information to create SSL client certificates.


Nessus username for user: admin

admin already exists. Do you want to overwrite their credentials? (y/n) [n]: y

Client certificate life time in days [365]:

Two letter country code [US]: US

State or province name [NY]: MD

City [New York]: Columbia

Organization [Nessus Users United]: Tenable Network Security

Organizational unit [nessus-users]: nessus-admins

Email [[email protected]]: [email protected]


--- Confirmation ---

Username: admin

Client certificate life time in days: 365

Country: US

State or province: MD

City: Columbia

Organization: Tenable Network Security

Organizational unit: nessus-admins

Email: [email protected]

Is this ok? (y/n) [n]: y


Congratulations. Your client certificate was properly created.


The following files were created :

Nessus Client :

Certificate = /Library/Nessus/run/var/nessus/tmp/cert_admin.pem

Private key = /Library/Nessus/run/var/nessus/tmp/key_admin.pem


The certificate was successfully set for admin.


Create another cert? (y/n) [y]: n

Note: If the user already has credentials, such as a password, this script will overwrite any previous credentials. Also, updating the password of the account will remove the client certificate for authentication.