Upload a Custom SSL Certificate

SecurityCenter ships with its own default SSL certificate; however, in many cases it is desirable to obtain a custom SSL certificate for enhanced security.

Note: In the example below, two certificate files were received from the CA: host.crt and host.key. These file names vary depending on the CA used.

Tip: The custom certificate email address must not be SecurityCenter@SecurityCenter or subsequent upgrades cannot retain the new certificate.

To upload a custom SSL certificate to SecurityCenter:

  1. Back up the current certificates located in the /opt/sc/support/conf directory. These files are named SecurityCenter.crt and SecurityCenter.key. In the example below, we place the files in /tmp.

    # cp /opt/sc/support/conf/SecurityCenter.crt /tmp/SecurityCenter.crt.bak

    # cp /opt/sc/support/conf/SecurityCenter.key /tmp/SecurityCenter.key.bak

  2. Copy the new certificates (e.g., host.crt and host.key) to the /opt/sc/support/conf directory and overwrite the current certificates. If prompted to overwrite, type y.

    # cp host.crt /opt/sc/support/conf/SecurityCenter.crt

    # cp host.key /opt/sc/support/conf/SecurityCenter.key

  3. Ensure the files have the correct permissions (640) and ownership (tns) as follows:

    # ls -l /opt/sc/support/conf/SecurityCenter.crt

    -rw-r-----  1 tns tns  4389 May 15 15:12 SecurityCenter.crt

    # ls -l /opt/sc/support/conf/SecurityCenter.key

    -rw-r-----  1 tns tns   887 May 15 15:12 SecurityCenter.key

    Caution: If an intermediate certificate is required, it must be copied to the system and given the correct permissions (640) and ownership (tns). Additionally, you must remove the # from the line in /opt/sc/support/conf/vhostssl.conf that begins with #SSLCertificateChainFile to enable the setting. Modify the path and filename to match the uploaded certificate.

  4. Restart the SecurityCenter services:

    # service SecurityCenter restart

  5. Browse to SecurityCenter using SSL (e.g., https://192.168.1.5).
  6. When prompted, verify the new certificate details.
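
The checks from step 3 and the Tip can be scripted and run before the restart in step 4. The script below is an added example, not Tenable's code: it confirms mode 640 and owner tns, that the certificate and key belong together, and that the certificate does not carry the SecurityCenter@SecurityCenter address. The function names are assumptions, and it expects GNU stat and the openssl command-line tool.

```shell
#!/bin/sh
# Added example (not Tenable code). Paths, mode 640, owner tns and the
# default e-mail address come from the procedure; function names are assumed.
CONF_DIR="${CONF_DIR:-/opt/sc/support/conf}"

# check_perms FILE MODE OWNER: succeed only if both match exactly (GNU stat).
check_perms() {
    [ -f "$1" ] || { echo "MISSING  $1"; return 1; }
    actual=$(stat -c '%a %U' "$1") || return 1
    [ "$actual" = "$2 $3" ] && return 0
    echo "MISMATCH $1 is '$actual', expected '$2 $3'"
    return 1
}

# check_pair CERT KEY: succeed only if the certificate's public key equals
# the one derived from the private key, i.e. the two files belong together.
check_pair() {
    cert_pub=$(openssl x509 -in "$1" -noout -pubkey 2>/dev/null) || return 1
    key_pub=$(openssl pkey -in "$2" -pubout 2>/dev/null) || return 1
    [ -n "$cert_pub" ] && [ "$cert_pub" = "$key_pub" ]
}

# check_email CERT: fail if the certificate carries the default address,
# which the Tip says stops upgrades from retaining the certificate.
check_email() {
    emails=$(openssl x509 -in "$1" -noout -email 2>/dev/null) || return 1
    case "$emails" in
        *SecurityCenter@SecurityCenter*) return 1 ;;
    esac
    return 0
}

# verify_install: run every check on the installed files, report all failures.
verify_install() {
    crt="$CONF_DIR/SecurityCenter.crt"; key="$CONF_DIR/SecurityCenter.key"
    rc=0
    check_perms "$crt" 640 tns || rc=1
    check_perms "$key" 640 tns || rc=1
    check_pair "$crt" "$key" || { echo "MISMATCH certificate and key do not pair"; rc=1; }
    check_email "$crt" || { echo "FAIL default e-mail address in certificate"; rc=1; }
    [ "$rc" -eq 0 ] && echo "OK: safe to restart SecurityCenter"
    return "$rc"
}

if [ "${1:-}" = "run" ]; then verify_install; fi
```

Run it as root with the argument `run` after step 3; a non-zero exit status means at least one check failed and the restart should wait.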

Copyright 2017 Tenable, Inc. All rights reserved. Tenable Network Security, Nessus, SecurityCenter, SecurityCenter Continuous View and Log Correlation Engine are registered trademarks of Tenable, Inc.  Tenable, Tenable.io, Assure, and The Cyber Exposure Company are trademarks of Tenable, Inc.  All other products or services are trademarks of their respective owners.