they expire after a year, faced this a few months ago i modified the scripts to generate certificates valid for 10 years
Am 12.05.2014 18:31, schrieb Russell Jones: > I believe I got it figured out - it was the "om" user's certificate that > needed to be updated. I had misinterpreted > and believed it was a certificate for our own user we login to GSAD with that > needed to be fixed. > > After re-running openvas-mkcert-client -n om -i, then restarting all of the > openvas services, the daemons are > communicated with each other again and scans are running. > > Thanks for the help! > > > On 5/12/2014 11:06 AM, Hani Benhabiles wrote: >> Hi Russell, >> >> On 2014-05-12 17:14, Russell Jones wrote: >>> Hi all, >>> >>> We came in this morning to an OpenVAS installation that stopped all >>> scans at 1%. The openvassd.log file revealed: >>> >>> [Sun May 11 06:00:12 2014][19746] [19746] failed to verify the peer >>> certificate: >>> [Sun May 11 06:00:12 2014][19746] [19746] The certificate has expired >>> [Sun May 11 06:00:12 2014][19746] [19746] The certificate is invalid >>> [Mon May 12 14:24:40 2014][20543] [20543] failed to verify the peer >>> certificate: >>> [Mon May 12 14:24:40 2014][20543] [20543] The certificate has expired >>> [Mon May 12 14:24:40 2014][20543] [20543] The certificate is invalid >>> [Mon May 12 14:24:40 2014][20545] [20545] failed to verify the peer >>> certificate: >>> [Mon May 12 14:24:40 2014][20545] [20545] The certificate has expired >>> [Mon May 12 14:24:40 2014][20545] [20545] The certificate is invalid >>> >>> I have regenerated certificates via both openvas-mkcert and >>> openvas-mkcert-client. I manually installed the client certificates as >>> requested by the script. Unfortunately that has not corrected the >>> issue. I can login to GSAD as the admin user, and click "start" on a >>> task. However after doing that it immediately shows the error: >>> >>> An internal error occurred while getting the filter list. The >>> current list of filters is not available. Diagnostics: Failure to >>> receive response from manager daemon. >>> >>> The manager log shows: >>> >>> md main:WARNING:2014-05-12 16h09.16 UTC:21624: read_from_server: >>> failed to read from server: A TLS packet with unexpected length was >>> received. >>> md main:WARNING:2014-05-12 16h09.21 UTC:21623: read_from_server: >>> failed to read from server: A TLS packet with unexpected length was >>> received. >> >> Issue looks like it is related to the communication between the scanner and >> the manager. >> >> Have you restarted _both_ the openvassd and openvasmd processes after >> recreating the certs ? Also, re-check that >> you used the correct paths when copying the certs manually. >> >>> event task:MESSAGE:2014-05-12 16h09.21 UTC:21623: Status of task COM >>> - Weekly deep scan (d40d6eea-fb8b-44f9-8132-4262c19e3e9f) has changed >>> to Stopped >>> >>> Restarting openvasmd reports: >>> >>> lib auth: INFO:2014-05-12 16h12.06 utc:21660: Authentication >>> configuration not found. >>> >>> Any ideas on how to get the setup back to a working state? I've >>> tried openvasmd --rebuild as well with no success. Not sure what else >>> it needs to be happy :-)
signature.asc
Description: OpenPGP digital signature
_______________________________________________ Openvas-discuss mailing list [email protected] https://lists.wald.intevation.org/cgi-bin/mailman/listinfo/openvas-discuss
