[root@openvas:~]$ cat /etc/sysconfig/gsad GSA_ADDRESS=0.0.0.0 GSA_PORT=443 GSA_SSL_PRIVATE_KEY=/var/lib/openvas/CA/openvas.thelounge.net.pem GSA_SSL_CERTIFICATE=/var/lib/openvas/CA/openvas.thelounge.net.pem GSA_SSL_CIPHERS=TLS_DHE_RSA_AES_256_CBC_SHA1 ADMINISTRATOR_ADDRESS=127.0.0.1 ADMINISTRATOR_PORT=9393 MANAGER_ADDRESS=127.0.0.1 MANAGER_PORT=9390
[root@openvas:~]$ ps aux | grep vasroot 1199 0.0 0.1 159272 3084 ? Sl 17:12 0:00 /usr/sbin/gsad --listen=0.0.0.0 --port=443 --ssl-private-key=/var/lib/openvas/CA/openvas.thelounge.net.pem --ssl-certificate=/var/lib/openvas/CA/openvas.thelounge.net.pem --mlisten=127.0.0.1 --mport=9390
Am 18.12.2014 um 20:44 schrieb Ralph Schell [Bright]:
Hello Harald, thank you very much for the rapid response. in what configuration file do we need to announce our own certs, or do we need to use the openvas-mkcert(-client) to create our own ? (which if that would work is fine by me) mvg/kind regards Ralph Schell GSM: +31-6-45418839 On 18-12-14 20:33, Reindl Harald wrote:Am 18.12.2014 um 20:28 schrieb Ralph Schell [Bright]:the certificates used by OpenVAS and presented to our server at port 9392 to logon to the Greenbone Agent are not trusted by Firefox. An exception is needed.thatÄs how self signed certs workIs there a way we could use our company certs and keys in OpenVAS [which have chain-keys] so that the logon URL can be verified by Firefox and the site can be logged on to without having to resort to "Configure exception" for OpenVAS?surely, install your own certs [root@openvas:~]$ ls /var/lib/openvas/CA/ insgesamt 28K -rw-r--r-- 1 root root 1,7K 2014-02-01 09:41 cacert.pem -rw------- 1 root root 4,1K 2014-07-31 22:10 clientcert.pem -rw------- 1 root root 5,8K 2014-05-25 01:57 openvas.thelounge.net.pem -rw-r--r-- 1 root root 4,5K 2014-02-01 09:41 servercert.pem
signature.asc
Description: OpenPGP digital signature
_______________________________________________ Openvas-discuss mailing list [email protected] https://lists.wald.intevation.org/cgi-bin/mailman/listinfo/openvas-discuss
