On Sunday, 23 March 2014, Chris wrote:
> I hope this wasn't asked before, but I'm not able to find the needed
> information when using various search terms or by searching
> through the existing OpenVAS NVTs or the GSA GUI. I was able to find
> NVTs which are checking for self-signed and expired certificates but not
> for this:
>
> Is OpenVAS 6 able to perform a check if the certificate installed on a
> target host is in a trusted CA list like the ca-certificates? If yes how
> can I configure this or is this enabled by default?
That is not possible in OpenVAS-6 out of the box. In OpenVAS-7 any SSL certificates are pulled and stored in the internal host details. There is even a results menu where you can see the list of certificates and download them in PEM format.

But a full internal trust store is not implemented. I thought about it and it might also mean to support CRLs or OCSP. Not sure how far to go here and what benefits are gained. Opinions?

-- 
Dr. Jan-Oliver Wagner | ++49-541-335084-0 | http://www.greenbone.net/
Greenbone Networks GmbH, Neuer Graben 17, 49074 Osnabrück | AG Osnabrück, HR B 202460
Managing Directors: Lukas Grunwald, Dr. Jan-Oliver Wagner
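The reply says OpenVAS-7 lets you download collected certificates in PEM format but has no internal trust store. As an added example (not OpenVAS code and not part of the original thread), the trust check can be run outside the scanner with `openssl verify` against a CA bundle such as the one shipped by ca-certificates. `classify_cert` and `make_demo_pki` are hypothetical helper names, the demo certificates are constructed test data, and revocation (CRL/OCSP) is not checked.

```shell
#!/bin/sh
# Added example, not OpenVAS code. classify_cert and make_demo_pki are
# hypothetical helper names; all certificates below are constructed test data.

# classify_cert PEM_FILE CA_BUNDLE
# Prints: trusted | expired | self-signed | untrusted-issuer | unknown
classify_cert() {
    # Match on X.509 verify error numbers instead of the exit status or the
    # message wording, both of which differ between OpenSSL releases.
    out=$(openssl verify -CAfile "$2" "$1" 2>&1) || :
    case $out in
        *"error 10 at"*) echo expired ;;            # certificate has expired
        *"error 18 at"*) echo self-signed ;;        # self-signed leaf, not in bundle
        *"error 19 at"*|*"error 20 at"*) echo untrusted-issuer ;;  # issuer not in bundle
        *": OK"*) echo trusted ;;
        *) echo unknown ;;
    esac
}

# make_demo_pki DIR: build two throwaway CAs, one leaf per CA, one self-signed cert.
make_demo_pki() {
    d=$1
    for ca in trusted-ca other-ca; do
        openssl req -x509 -newkey rsa:2048 -nodes -days 30 -subj "/CN=$ca" \
            -keyout "$d/$ca.key" -out "$d/$ca.pem" 2>/dev/null || return 1
    done
    for pair in good:trusted-ca stray:other-ca; do
        leaf=${pair%%:*}; ca=${pair#*:}
        openssl req -newkey rsa:2048 -nodes -subj "/CN=$leaf.example" \
            -keyout "$d/$leaf.key" -out "$d/$leaf.csr" 2>/dev/null || return 1
        openssl x509 -req -in "$d/$leaf.csr" -days 30 -CA "$d/$ca.pem" \
            -CAkey "$d/$ca.key" -CAcreateserial -out "$d/$leaf.pem" 2>/dev/null || return 1
    done
    openssl req -x509 -newkey rsa:2048 -nodes -days 30 -subj "/CN=self.example" \
        -keyout "$d/self.key" -out "$d/self.pem" 2>/dev/null
}

# Demo: classify each constructed certificate against a bundle that only
# contains trusted-ca. For real use, pass the PEM exported from the scanner
# and the system CA bundle instead.
tmp=$(mktemp -d) && make_demo_pki "$tmp" && for c in good stray self; do
    printf '%s: %s\n' "$c" "$(classify_cert "$tmp/$c.pem" "$tmp/trusted-ca.pem")"
done
rm -rf "$tmp"
```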
