Trust a Custom CA

Required User Role: tns user

You can configure Tenable.sc to trust a custom CA for certificate authentication or other uses.

To configure Tenable.sc to trust a custom CA:

  1. Log in to Tenable.sc via the user interface.

  2. Copy the required PEM-encoded CA certificate (and intermediate CA certificate, if needed) to the Tenable.sc server’s /tmp directory.

    In this example, the file is named ROOTCA2.cer.

  3. Run the installCA.php script to create the required files for each CA in /opt/sc/data/CA:

    # /opt/sc/support/bin/php /opt/sc/src/tools/installCA.php /tmp/ROOTCA2.cer2

    Tenable.sc processes all the CAs in the file.

  4. Restart Tenable.sc, as described in Start, Stop, or Restart Tenable.sc.