Create a Nessus Client-Side Digital Certificate

Required User Role: User with administrator privileges

You can create a Nessus client-side digital certificate from the command line.

To see and copy the full command for your specific operating system, see the Command Quick Reference.

Usage

Note: If the user already has credentials, such as a password, this script will overwrite any previous credentials. Also, updating the password of the account will remove the client certificate for authentication.

To create a Nessus client digital certificate, use the following command:

# nessuscli mkcert-client

Read and follow the prompts. Prompt default responses are in brackets. The following is example output:

-------------------------------------------------------------------------------

Creation of the Nessus SSL Client Certificates

-------------------------------------------------------------------------------

 

This script will now ask you for information to create SSL client certificates.

 

Nessus username for user: admin

admin already exists. Do you want to overwrite their credentials? (y/n) [n]: y

Client certificate life time in days [365]:

Two letter country code [US]: US

State or province name [NY]: MD

City [New York]: Columbia

Organization [Nessus Users United]: Tenable Network Security

Organizational unit [nessus-users]: nessus-admins

Email []:

 

--- Confirmation ---

Username: admin

Client certificate life time in days: 365

Country: US

State or province: MD

City: Columbia

Organization: Tenable Network Security

Organizational unit: nessus-admins

Email:

Is this ok? (y/n) [n]: y

 

Congratulations. Your client certificate was properly created.

 

The following files were created :

Nessus Client :

Certificate = /Library/Nessus/run/var/nessus/tmp/cert_admin.pem

Private key = /Library/Nessus/run/var/nessus/tmp/key_admin.pem

 

The certificate was successfully set for admin.

 

Create another cert? (y/n) [y]: n

Command Quick Reference

For the full command for your operating system, see the following: