Create a Nessus Server Digital Certificate

Required User Role: User with administrator privileges

You can create a Nessus-supported self-signed server certificate from the command line.

To see and copy the full command for your specific operating system, see the Command Quick Reference.

Usage

To create a Nessus server digital certificate, use the following command:

# nessuscli mkcert

Read and follow the prompts. Prompt default responses are in brackets. The following is example output:

-------------------------------------------------------------------------------

Creation of the Nessus SSL Certificate

-------------------------------------------------------------------------------

 

This script will now ask you for information to create the SSL certificate

for Nessus. Note that this information will *NOT* be sent to anybody

(everything stays local), but anyone with the ability to connect to

your Nessus daemon will be able to retrieve this information.

 

CA certificate life time in days [1460]: 1460

Server certificate life time in days [365]: 365

Your two letter country code [US]: US

Your state or province name [NY]: MD

Your city [New York]: Columbia

Your organization [Nessus Users United]: Tenable Network Security

This host name [localhost]: nessus-server

 

--- Confirmation ---

CA certificate life time in days: 1460

Server certificate life time in days: 365

Country: US

State or province: MD

City: Columbia

Organization: Tenable Network Security

This host name: nessus-server

Is this ok? (y/n) [n]: y

 

Congratulations. Your server certificate was properly created.

 

The following files were created :

Certification authority :

Certificate = /opt/nessus/com/nessus/CA/cacert.pem

Private key = /opt/nessus/var/nessus/CA/cakey.pem

Nessus Server :

Certificate = /opt/nessus/com/nessus/CA/servercert.pem

Private key = /opt/nessus/var/nessus/CA/serverkey.pem

For more details on configuring Nessus with custom SSL certificates, see the Nessus User Guide.

Command Quick Reference

For the full command for your operating system, see the following: