Custom SSL Certificates

By default, NNM is installed and managed over HTTPS with SSL support on port 8835. Default installations of NNM use a self-signed SSL certificate.

To avoid browser warnings, use a custom SSL certificate specific to your organization. During the installation, NNM creates two files that make up the certificate: servercert.pem and serverkey.pem. You must replace these files with certificate files generated by your organization or a trusted CA.

Before replacing the certificate files, stop the NNM server. Replace the two files and restart the NNM server. If the certificate was generated by a trusted CA, subsequent connections to the scanner do not display an error.

Certificate File Locations

Operating System

Optionally, you can use the /getcert switch to install the root CA in your browser, which removes the warning:

https://<IP address>:8835/getcert

To set up an intermediate certificate chain, place a file named serverchain.pem in the same directory as the servercert.pem file.

This file must contain the 1-n intermediate certificates (concatenated public certificates) necessary to construct the full certificate chain from the NNM server to its ultimate root certificate (one trusted by the user’s browser).
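The replacement files can be checked offline before NNM is stopped and the files are swapped. The script below is an added example, not part of the NNM documentation or tooling. It assumes the openssl command-line tool is installed and that the new files sit in a staging directory under the names NNM expects; the function name check_nnm_certs and the separate root CA file argument are assumptions of this example.

```shell
#!/bin/sh
# Added example: pre-flight check for a replacement NNM certificate set.
# Usage: check_nnm_certs <dir with the new PEM files> <root CA PEM>
# The function name and the root CA file argument are assumptions of this example.

# The body is a subshell, so variables stay local and "exit" only leaves the function.
check_nnm_certs() (
    dir=$1 root=$2
    cert=$dir/servercert.pem key=$dir/serverkey.pem chain=$dir/serverchain.pem

    for f in "$cert" "$key" "$root"; do
        [ -r "$f" ] || { echo "FAIL: cannot read $f"; exit 2; }
    done

    # 1. serverkey.pem must be the private key of servercert.pem: compare public keys.
    cert_pub=$(openssl x509 -in "$cert" -noout -pubkey 2>/dev/null)
    key_pub=$(openssl pkey -in "$key" -pubout 2>/dev/null)
    if [ -z "$cert_pub" ] || [ "$cert_pub" != "$key_pub" ]; then
        echo "FAIL: serverkey.pem does not match servercert.pem"; exit 3
    fi

    # 2. The certificate must not already be expired.
    openssl x509 -in "$cert" -noout -checkend 0 >/dev/null 2>&1 ||
        { echo "FAIL: servercert.pem has expired"; exit 4; }

    # 3. The chain must build: servercert.pem -> serverchain.pem (if present) -> root.
    #    -untrusted supplies the concatenated intermediates; -CAfile adds the root as a trust anchor.
    if [ -s "$chain" ]; then
        echo "serverchain.pem: $(grep -c 'BEGIN CERTIFICATE' "$chain") intermediate certificate(s)"
        openssl verify -CAfile "$root" -untrusted "$chain" "$cert" >/dev/null 2>&1
    else
        openssl verify -CAfile "$root" "$cert" >/dev/null 2>&1
    fi || { echo "FAIL: servercert.pem does not chain to $root"; exit 5; }

    echo "OK: key matches, certificate is current, chain verifies"
)

# Run the check only when the script is called with both arguments.
if [ "$#" -ge 2 ]; then check_nnm_certs "$1" "$2"; fi
```

A non-zero exit status identifies the failed check: 2 for an unreadable file, 3 for a key mismatch, 4 for an expired certificate, 5 for a chain that does not verify.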

SSL Client Certificate Authentication

NNM supports SSL client certificate authentication. When the browser is configured for this method, the use of SSL client certificates is allowed.

NNM allows for password-based or SSL Certificate authentication methods for user accounts. When creating a user for SSL certificate authentication, use the NNM-make-cert-client utility through the command line on the NNM server.