Create a Nessus Server Digital Certificate

To create a Nessus server digital certificate, run the commands and follow the prompts. Note that the defaults are in brackets.

# /opt/nessus/sbin/nessuscli mkcert

 

-------------------------------------------------------------------------------

Creation of the Nessus SSL Certificate

-------------------------------------------------------------------------------

 

This script will now ask you for information to create the SSL certificate

for Nessus. Note that this information will *NOT* be sent to anybody

(everything stays local), but anyone with the ability to connect to

your Nessus daemon will be able to retrieve this information.

 

CA certificate life time in days [1460]: 1460

Server certificate life time in days [365]: 365

Your two letter country code [US]: US

Your state or province name [NY]: MD

Your city [New York]: Columbia

Your organization [Nessus Users United]: Tenable Network Security

This host name [localhost]: nessus-server

 

--- Confirmation ---

CA certificate life time in days: 1460

Server certificate life time in days: 365

Country: US

State or province: MD

City: Columbia

Organization: Tenable Network Security

This host name: nessus-server

Is this ok? (y/n) [n]: y

 

Congratulations. Your server certificate was properly created.

 

The following files were created :

Certification authority :

Certificate = /opt/nessus/com/nessus/CA/cacert.pem

Private key = /opt/nessus/var/nessus/CA/cakey.pem

Nessus Server :

Certificate = /opt/nessus/com/nessus/CA/servercert.pem

Private key = /opt/nessus/var/nessus/CA/serverkey.pem

For more details on configuring Nessus with custom SSL certificates, see the latest Nessus user guide.