Hi Hani,
I believe I got it figured out - it was the "om" user's certificate that
needed to be updated. I had misinterpreted and believed it was a
certificate for our own user we login to GSAD with that needed to be fixed.
After re-running openvas-mkcert-client -n om -i, then restarting all of
the openvas services, the daemons are communicated with each other again
and scans are running.
Thanks for the help!
On 5/12/2014 11:06 AM, Hani Benhabiles wrote:
Hi Russell,
On 2014-05-12 17:14, Russell Jones wrote:
Hi all,
We came in this morning to an OpenVAS installation that stopped all
scans at 1%. The openvassd.log file revealed:
[Sun May 11 06:00:12 2014][19746] [19746] failed to verify the peer
certificate:
[Sun May 11 06:00:12 2014][19746] [19746] The certificate has expired
[Sun May 11 06:00:12 2014][19746] [19746] The certificate is invalid
[Mon May 12 14:24:40 2014][20543] [20543] failed to verify the peer
certificate:
[Mon May 12 14:24:40 2014][20543] [20543] The certificate has expired
[Mon May 12 14:24:40 2014][20543] [20543] The certificate is invalid
[Mon May 12 14:24:40 2014][20545] [20545] failed to verify the peer
certificate:
[Mon May 12 14:24:40 2014][20545] [20545] The certificate has expired
[Mon May 12 14:24:40 2014][20545] [20545] The certificate is invalid
I have regenerated certificates via both openvas-mkcert and
openvas-mkcert-client. I manually installed the client certificates as
requested by the script. Unfortunately that has not corrected the
issue. I can login to GSAD as the admin user, and click "start" on a
task. However after doing that it immediately shows the error:
An internal error occurred while getting the filter list. The
current list of filters is not available. Diagnostics: Failure to
receive response from manager daemon.
The manager log shows:
md main:WARNING:2014-05-12 16h09.16 UTC:21624: read_from_server:
failed to read from server: A TLS packet with unexpected length was
received.
md main:WARNING:2014-05-12 16h09.21 UTC:21623: read_from_server:
failed to read from server: A TLS packet with unexpected length was
received.
Issue looks like it is related to the communication between the
scanner and the manager.
Have you restarted _both_ the openvassd and openvasmd processes after
recreating the certs ? Also, re-check that you used the correct paths
when copying the certs manually.
event task:MESSAGE:2014-05-12 16h09.21 UTC:21623: Status of task COM
- Weekly deep scan (d40d6eea-fb8b-44f9-8132-4262c19e3e9f) has changed
to Stopped
Restarting openvasmd reports:
lib auth: INFO:2014-05-12 16h12.06 utc:21660: Authentication
configuration not found.
Any ideas on how to get the setup back to a working state? I've
tried openvasmd --rebuild as well with no success. Not sure what else
it needs to be happy :-)
_______________________________________________
Openvas-discuss mailing list
[email protected]
https://lists.wald.intevation.org/cgi-bin/mailman/listinfo/openvas-discuss
_______________________________________________
Openvas-discuss mailing list
[email protected]
https://lists.wald.intevation.org/cgi-bin/mailman/listinfo/openvas-discuss
_______________________________________________
Openvas-discuss mailing list
[email protected]
https://lists.wald.intevation.org/cgi-bin/mailman/listinfo/openvas-discuss
