Custom SSL Certificates

By default, PVS is installed and managed over HTTPS with SSL support on port 8835. Default installations of PVS use a self-signed SSL certificate.

To avoid browser warnings, use a custom SSL certificate specific to your organization. During the installation, PVS creates two files that make up the certificate: servercert.pem and serverkey.pem. You must replace these files with certificate files generated by your organization or a trusted CA.

Before replacing the certificate files, stop the PVS server. Replace the two files and restart the PVS server. If the certificate was generated by a trusted CA, subsequent connections to the scanner do not display an error.

Certificate File Locations

| Operating System | Directory |
| --- | --- |
| Linux | /opt/pvs/var/pvs/ssl/servercert.pem |
| | /opt/pvs/var/pvs/ssl/serverkey.pem |
| Windows | C:\ProgramData\Tenable\PVS\pvs\ssl\servercert.pem |
| | C:\ProgramData\Tenable\PVS\pvs\ssl\serverkey.pem |
| macOS | /Library/PVS/var/pvs/ssl/servercert.pem |
| | /Library/PVS/var/pvs/ssl/serverkey.pem |

Optionally, you can use the /getcert switch to install the root CA in your browser, which removes the warning:

https://<IP address>:8835/getcert

To set up an intermediate certificate chain, place a file named serverchain.pem in the same directory as the servercert.pem file.

This file must contain the 1-n intermediate certificates (concatenated public certificates) necessary to construct the full certificate chain from the PVS server to its ultimate root certificate (one trusted by the user’s browser).
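The following pre-flight check is an added example, not part of the original page or of Tenable's tooling. It confirms that a replacement serverkey.pem matches servercert.pem, that the certificate has not expired, and that serverchain.pem links the server certificate to a root CA before the files are put in place. The function name, the optional root CA argument and the exit codes are assumptions of this example.

```shell
#!/bin/sh
# Added example (not Tenable code): pre-flight check for replacement PVS
# certificate files, run before stopping and restarting the PVS server.
# Usage: sh check_pvs_ssl.sh <ssl-dir> [root-ca.pem]
# Assumptions: openssl CLI on PATH, PEM files, unencrypted private key.

check_pvs_ssl() {
  dir=$1 root=${2:-}
  cert=$dir/servercert.pem key=$dir/serverkey.pem chain=$dir/serverchain.pem

  [ -r "$cert" ] && [ -r "$key" ] ||
    { echo "FAIL: servercert.pem or serverkey.pem not readable in $dir"; return 1; }

  # 1. The private key must belong to the certificate: compare public keys.
  cert_pub=$(openssl x509 -in "$cert" -noout -pubkey 2>/dev/null) ||
    { echo "FAIL: servercert.pem is not a PEM certificate"; return 1; }
  key_pub=$(openssl pkey -in "$key" -pubout -passin pass: 2>/dev/null) ||
    { echo "FAIL: serverkey.pem is not an unencrypted PEM key"; return 1; }
  [ "$cert_pub" = "$key_pub" ] ||
    { echo "FAIL: serverkey.pem does not match servercert.pem"; return 2; }

  # 2. The certificate must not already be expired.
  openssl x509 -in "$cert" -noout -checkend 0 >/dev/null 2>&1 ||
    { echo "FAIL: servercert.pem has expired"; return 3; }

  # 3. serverchain.pem holds public intermediate certificates only, and
  #    together with them servercert.pem must verify up to the root CA.
  if [ -r "$chain" ]; then
    if grep -q 'PRIVATE KEY' "$chain"; then
      echo "FAIL: serverchain.pem contains a private key"; return 4
    fi
    echo "serverchain.pem: $(grep -c 'BEGIN CERTIFICATE' "$chain") certificate(s)"
    if [ -n "$root" ]; then
      openssl verify -CAfile "$root" -untrusted "$chain" "$cert" >/dev/null 2>&1 ||
        { echo "FAIL: servercert.pem does not chain to $root"; return 5; }
    fi
  fi
  echo "OK: certificate files in $dir are consistent"
}

# Run only when a directory is given on the command line.
if [ "$#" -ge 1 ]; then check_pvs_ssl "$@"; fi
```

Run it against a staging directory that holds the new files, and copy them into the PVS ssl directory only after it reports OK.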

SSL Client Certificate Authentication

PVS supports SSL client certificate authentication. When the browser is configured for this method, users can authenticate with SSL client certificates.

PVS allows either password-based or SSL certificate authentication for user accounts. When creating a user for SSL certificate authentication, use the pvs-make-cert-client utility from the command line on the PVS server.

Copyright © 2017. Tenable Network Security, Inc. All rights reserved. Tenable Network Security, Nessus, SecurityCenter Continuous View, Passive Vulnerability Scanner, and Log Correlation Engine are registered trademarks of Tenable Network Security, Inc. All other products or services are trademarks of their respective owners.