TOC & Recently Viewed

Recently Viewed Topics

Create a Nessus Server Digital Certificate

To create a Nessus server digital certificate, run the commands and follow the prompts. Note that the defaults are in brackets.

# /opt/nessus/sbin/nessuscli mkcert



Creation of the Nessus SSL Certificate



This script will now ask you for information to create the SSL certificate

for Nessus. Note that this information will *NOT* be sent to anybody

(everything stays local), but anyone with the ability to connect to

your Nessus daemon will be able to retrieve this information.


CA certificate life time in days [1460]: 1460

Server certificate life time in days [365]: 365

Your two letter country code [US]: US

Your state or province name [NY]: MD

Your city [New York]: Columbia

Your organization [Nessus Users United]: Tenable Network Security

This host name [localhost]: nessus-server


--- Confirmation ---

CA certificate life time in days: 1460

Server certificate life time in days: 365

Country: US

State or province: MD

City: Columbia

Organization: Tenable Network Security

This host name: nessus-server

Is this ok? (y/n) [n]: y


Congratulations. Your server certificate was properly created.


The following files were created :

Certification authority :

Certificate = /opt/nessus/com/nessus/CA/cacert.pem

Private key = /opt/nessus/var/nessus/CA/cakey.pem

Nessus Server :

Certificate = /opt/nessus/com/nessus/CA/servercert.pem

Private key = /opt/nessus/var/nessus/CA/serverkey.pem

For more details on configuring Nessus with custom SSL certificates, see the latest Nessus user guide.

Copyright © 2019 Tenable, Inc. All rights reserved. Tenable,, Tenable Network Security, Nessus, SecurityCenter, SecurityCenter Continuous View and Log Correlation Engine are registered trademarks of Tenable, Inc.., Lumin, Assure, and the Cyber Exposure Company are trademarks of Tenable, Inc. All other products or services are trademarks of their respective owners.