TOC & Recently Viewed

Recently Viewed Topics

Create a Custom CA and Server Certificate

Steps

  1. Optionally, create a new custom CA and server certificate for the PVS server using the pvs-make-cert command. This places the certificates in the correct directories.

    When prompted for the host name, enter the DNS name or IP address of the server in the browser (eg., https://hostname:8835/ or https://ipaddress:8835/). The default certificate uses the host name.

  2. If you wish to use a CA certificate instead of the PVS generated one, make a copy of the self-signed CA certificate using the appropriate command for your OS:

    Operating System

    Command

    Linux

    # cp /opt/pvs/var/pvs/ssl/cacert.pem /opt/pvs/var/pvs/ssl/ORIGcacert.pem

    Windows

    copy \ProgramData\Tenable\PVS\pvs\ssl\cacert.pem C:\ProgramData\Tenable\PVS\pvs\ssl\ORIGcacert.pem

    macOS

    # cp /Library/PVS/var/pvs/ssl/cacert.pem /Library/PVS/var/pvs/ssl/ORIGcacert.pem

  3. If the authentication certificates are created by a CA other than the PVS server, the CA certificate must be installed on the PVS server. Copy the organization's CA certificate to the appropriate location for your OS:

    Operating System

    File Location

    Linux

    /opt/pvs/var/pvs/ssl/cacert.pem

    Windows

    C:\ProgramData\Tenable\PVS\pvs\ssl\cacert.pem

    macOS

    /Library/PVS/var/pvs/ssl/cacert.pem

  4. Once the CA is in place, restart the PVS services.

    After PVS is configured with the proper CA certificate(s), users may log in to PVS using SSL client certificates.

Copyright 2017. Tenable Network Security, Inc. All rights reserved. Tenable Network Security, Nessus, SecurityCenter Continuous View, Passive Vulnerability Scanner, and Log Correlation Engine are registered trademarks of Tenable Network Security, Inc. All other products or services are trademarks of their respective owners.