Create NNM SSL Certificates for Login

To log in to an NNM server with SSL certificates, you must create the certificates using the nnm-make-cert command.

Note: When asked if you want to create a server certificate, select no to be prompted for the user certificate information.

Steps

  1. On the NNM server, run the nnm-make-cert command.

    Operating System    Command
    Linux               # /opt/nnm/bin/nnm-make-cert
    Windows             "C:\Program Files\Tenable\NNM\nnm-make-cert"
    macOS               # /Library/NNM/bin/nnm-make-cert

  2. Configure the client certificate by answering the various questions.

    The client certificates are generated in a temporary directory.

    Operating System    Directory
    Linux               /tmp/
    Windows             C:\users\<username>\AppData\Local\Temp, where <username> is the user currently logged in.
    macOS               /tmp/

  3. Two files are created in the temporary directory. In an example where the user name is admin, the files cert_admin.pem and key_admin.pem are created. These two files must be combined and exported into a format that may be imported into the web browser, such as .pfx. You can accomplish this with the openssl program and the following command:

    openssl pkcs12 -export -out combined_admin.pfx -inkey key_admin.pem -in cert_admin.pem -chain -CAfile /opt/nnm/var/nnm/ssl/cacert.pem -passout 'pass:password' -name 'NNM User Certificate for: admin'

    The resulting file combined_admin.pfx is created in the directory from which the command is launched. This file must then be imported into the web browser’s personal certificate store.

    Note: The username you enter must correspond with an existing username in NNM. By default, NNM has only one administrative user. If you add another administrative user, then you can use more than one certificate.

  4. Configure the NNM server for certificate authentication using the appropriate command for your OS. Once certificate authentication is enabled, username and password login is disabled.

    Operating System    Command
    Linux               # /opt/nnm/bin/nnm --config "Enable SSL Client Certificate Authentication" "1"
    Windows             "C:\Program Files\Tenable\NNM\nnm" --config "Enable SSL Client Certificate Authentication" "1"
    macOS               # /Library/NNM/bin/nnm --config "Enable SSL Client Certificate Authentication" "1"
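
Because step 4 disables username and password login, it is worth confirming that the bundle from step 3 is sound before enabling it. The script below is an added example, not Tenable's code: it checks that key_<user>.pem matches cert_<user>.pem, that the certificate is valid and verifies against the CA file, then builds and re-opens the .pfx. The function name, the PFX_PASS variable and the argument order are assumptions of this example.

```shell
#!/bin/sh
# Added example: pre-flight checks for the step 3 bundle, run before step 4.
# Usage: PFX_PASS=... sh preflight.sh <dir> <user> <cacert.pem> <out.pfx>
# nnm_pfx_preflight, PFX_PASS and preflight.sh are hypothetical names.

nnm_pfx_preflight() {
    cert="$1/cert_$2.pem"; key="$1/key_$2.pem"; ca="$3"; out="$4"

    # Take the export password from the environment so it is not on the
    # command line (unlike -passout 'pass:...').
    [ -n "${PFX_PASS:-}" ] || { echo "PFX_PASS is not set" >&2; return 1; }
    export PFX_PASS

    # 1. The private key must belong to the certificate.
    cert_pub=$(openssl x509 -in "$cert" -noout -pubkey) || return 1
    key_pub=$(openssl pkey -in "$key" -pubout) || return 1
    [ "$cert_pub" = "$key_pub" ] ||
        { echo "key does not match certificate" >&2; return 1; }

    # 2. The certificate must be unexpired and chain to the CA file.
    openssl x509 -in "$cert" -noout -checkend 0 >/dev/null ||
        { echo "certificate has expired" >&2; return 1; }
    openssl verify -CAfile "$ca" "$cert" >/dev/null 2>&1 ||
        { echo "certificate does not verify against $ca" >&2; return 1; }

    # 3. Build the bundle owner-readable only; it contains the private key.
    ( umask 077
      openssl pkcs12 -export -out "$out" -inkey "$key" -in "$cert" \
          -chain -CAfile "$ca" -passout env:PFX_PASS \
          -name "NNM User Certificate for: $2" ) || return 1

    # 4. Re-open the bundle to confirm it is readable with the password.
    openssl pkcs12 -in "$out" -passin env:PFX_PASS -noout >/dev/null 2>&1 ||
        { echo "cannot re-open $out" >&2; return 1; }
    echo "OK: $out"
}

# Run the checks when the script is called with its four arguments.
if [ "$#" -eq 4 ]; then nnm_pfx_preflight "$@"; fi
```

After importing the .pfx into the browser, remove key_<user>.pem and the .pfx from the temporary directory, since both hold the private key.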

Copyright 2017 Tenable, Inc. All rights reserved. Tenable Network Security, Nessus, SecurityCenter, SecurityCenter Continuous View and Log Correlation Engine are registered trademarks of Tenable, Inc.  Tenable, Tenable.io, Assure, and The Cyber Exposure Company are trademarks of Tenable, Inc.  All other products or services are trademarks of their respective owners.