Create NNM SSL Certificates for Login
To log in to an NNM server with SSL certificates, you must create the certificates using the
Note: When asked if you want to create a server certificate, select no to be prompted for the user certificate information.
To create NNM SSL certificates for login:
On the NNM server, run the
Configure the client certificate by answering the various questions.
The client certificates generate in a temporary directory.
C:\users\<username>\AppData\Local\Temp, where <username> is the user currently logged in.
Two files are created in the temporary directory. In an example where the user name is admin, the files
key_admin.pemare created. These two files must be combined and exported into a format that may be imported into the web browser, such as .pfx. You can accomplish this with the openssl program and the following command:
openssl pkcs12 -export -out combined_admin.pfx -inkey key_admin.pem -in cert_admin.pem -chain -CAfile /opt/nnm/var/nnm/ssl/cacert.pem -passout 'pass:password' -name 'NNM User Certificate for: admin'
The resulting file
combined_admin.pfxis created in the directory from which the command is launched. This file must then be imported into the web browser’s personal certificate store.
Note: The username you type must correspond with an existing username in NNM. By default, NNM has only one administrative user. If you add another administrative user, then you can use more than one certificate.
Configure the NNM server for certificate authentication using the appropriate command for your OS. Once certificate authentication is enabled, username and password login is disabled.
# /opt/nnm/bin/nnm --config "Enable SSL Client Certificate Authentication" "1"
C:\Program Files\Tenable\NNM\nnm --config "Enable SSL Client Certificate Authentication" "1"
# /Library/NNM/bin/nnm --config "Enable SSL Client Certificate Authentication" "1"