Create a Custom CA and Server Certificate
To create a custom CA and server certificate:
Optionally, create a new custom CA and server certificate for the NNM server using the
NNM-make-certcommand. This places the certificates in the correct directories.
- When prompted for the host name, type the DNS name or IP address of the server in the browser (eg., https://hostname:8835/ or https://ipaddress:8835/). The default certificate uses the host name.
If you wish to use a CA certificate instead of the NNM generated one, make a copy of the self-signed CA certificate using the appropriate command for your OS:
# cp /opt/nnm/var/nnm/ssl/cacert.pem /opt/nnm/var/nnm/ssl/ORIGcacert.pem
copy \ProgramData\Tenable\NNM\nnm\ssl\cacert.pem C:\ProgramData\Tenable\NNM\nnm\ssl\ORIGcacert.pem
# cp /Library/NNM/var/nnm/ssl/cacert.pem /Library/NNM/var/nnm/ssl/ORIGcacert.pem
If the authentication certificates are created by a CA other than the NNM server, the CA certificate must be installed on the NNM server. Copy the organization's CA certificate to the appropriate location for your OS:
Once the CA is in place, restart the NNM services.
- After NNM is configured with the proper CA certificate(s), users may log in to NNM using SSL client certificates.