On Mon, 30 Dec 2002 [EMAIL PROTECTED] wrote: > > # nessus > > SSL_CTX_load_verify_locations[18486]: error:06065064:digital envelope > > routines:EVP_DecryptFinal:bad decrypt ... > Looks like a problem with the passphrase with your server's private key. ... > I think so. In fact, at first I couldn't get nessusd to run without > error messages, and the reason was that I had the wrong value for > pem_password in nessusd.conf. When I corrected it, nessusd ran > without errors. This is what makes me think that I have the correct > passphrase for the server's key.
I was wrong above -- according to the source for nessusd, the error is generated while trying to load the CA cert, not the server cert. Further, nessusd _is_ able to find the file pointed to by ca_cert, it just can't load it. Now, looking at your configuration settings again: > ca_file=/usr/local/openssl/private/cacert.pem Is this really the CA cert? By convention, the directory "private" is for private keys; certs go in the directory "certs". If it's truly the CA cert and you created it using OpenSSL yourself, does it check out ok with OpenSSL? For example, run "openssl x509 -in /usr/local/openssl/private/cacert.pem -noout -text" Also, what steps did you follow when generating the CA cert? George -- [EMAIL PROTECTED] - [EMAIL PROTECTED]: general discussions about Nessus. * To unsubscribe, send a mail to [EMAIL PROTECTED] with "unsubscribe nessus" in the body.
