Hi,
any other suggestions on how to troubleshoot this? It definitely seems to be
GnuTLS related, but I am not able to figure out what happens. gnutls-cli is able
to connect:
% sudo gnutls-cli --x509cafile /usr/pkg/openvas/var/lib/openvas/CA/cacert.pem --x509certfile /usr/pkg/openvas/var/lib/openvas/CA/clientcert.pem --x509keyfile /usr/pkg/openvas/var/lib/openvas/private/CA/clientkey.pem --insecure -p 9391 localhost
Processed 1 CA certificate(s).
Processed 1 client X.509 certificates...
Resolving 'localhost'...
Connecting to '::1:9391'...
Connecting to '127.0.0.1:9391'...
- Certificate type: X.509
- Got a certificate list of 1 certificates.
- Certificate[0] info:
- subject `C=DE,ST=NRW,L=Cologne,O=cleverbridge AG,OU=Server certificate for
netscan.cgn.cleverbridge.com,CN=netscan.cgn.cleverbridge.com,[email protected]',
issuer `C=DE,ST=NRW,L=Cologne,O=cleverbridge AG,OU=Certification Authority for
netscan.cgn.cleverbridge.com,CN=netscan.cgn.cleverbridge.com,[email protected]',
RSA key 4096 bits, signed using RSA-SHA256, activated `2015-07-14 12:40:08
UTC', expires `2016-07-13 12:40:08 UTC', SHA-1 fingerprint
`03d157c0bb49caff86e9494862bbe72f17977b52'
Public Key ID:
4917ebe77e2ec221116f0210458c9d27fee3e97a
Public key's random art:
+--[ RSA 4096]----+
| oOo. . |
| . * o o |
| . +.oo |
| ..o+o |
| .S+. . |
| + .o |
| . = .. |
| E o.. . |
| .+. ..+. |
+-----------------+
- Status: The certificate is NOT trusted. The name in the certificate does not
match the expected.
*** PKI verification of server certificate failed...
- Successfully sent 1 certificate(s) to server.
- Description: (TLS1.2)-(ECDHE-RSA-SECP256R1)-(AES-128-GCM)
- Session ID:
D7:4B:24:A4:55:5B:75:17:ED:3E:96:65:7A:72:31:FB:F7:E1:A6:AD:55:9F:69:5A:F6:AC:B7:C0:CF:A5:B8:02
- Ephemeral EC Diffie-Hellman parameters
- Using curve: SECP256R1
- Curve size: 256 bits
- Version: TLS1.2
- Key Exchange: ECDHE-RSA
- Server Signature: RSA-SHA256
- Client Signature: RSA-SHA256
- Cipher: AES-128-GCM
- MAC: AEAD
- Compression: NULL
- Options: extended master secret, safe renegotiation,
- Handshake was completed
- Simple Client Mode:
Any help is highly appreciated.
Winni
> From: "Eero Volotinen" <[email protected]>
> To: "Winfried Neessen" <[email protected]>
> Cc: "openvas-discuss" <[email protected]>
> Sent: Tuesday, July 14, 2015 3:56:03 PM
> Subject: Re: [Openvas-discuss] TLS error when trying to launch scan
> Try restarting services again. Sounds like (new) certificates are not loaded to
> services.
> On 14.7.2015 at 4.10 PM, "Winfried Neessen" < [email protected] > wrote:
>> Hi,
>> my redis-server is running. Also I doubt that this has something to do with
>> redis, as the error says something about a non-properly terminated TLS
>> connection.
>> So I did a strace on the openvassd and found some messages about an untrusted
>> certificate. I then recreated the CA, server and client certificates via
>> openvas-mkcert -f and openvas-mkcert-client -i -n and restarted the services.
>> Now when I try to resume the job, it always tells me: 503 Service temporarly
>> down in the notice box of GSA.
>> Any other suggestions?
>> Thanks
>> Winni
>>> From: "Eero Volotinen" < [email protected] >
>>> To: "Winfried Neessen" < [email protected] >
>>> Cc: "openvas-discuss" < [email protected] >
>>> Sent: Tuesday, July 14, 2015 12:10:47 PM
>>> Subject: Re: [Openvas-discuss] TLS error when trying to launch scan
>>> Check your redis-server configuration.
>>> On 14.7.2015 at 1.09 PM, "Winfried Neessen" < [email protected] > wrote:
>>>> Hi,
>>>> I am trying to launch a scan in my OpenVAS instance. Once I press the
>>>> "play"-button, it says "Requested" but after a second it already says:
>>>> "Stopped at 1%". The openvasmd.log says:
>>>> md main:WARNING:2015-07-14 10h06.49 UTC:24191: openvas_scanner_read: failed to read from server: The TLS connection was non-properly terminated.
>>>> event task:MESSAGE:2015-07-14 10h06.49 UTC:24191: Status of task Test network scan CGN (2fa50913-5928-4122-91a6-0c5251ecce56) has changed to Requested
>>>> event task:MESSAGE:2015-07-14 10h06.49 UTC:24191: Task 2fa50913-5928-4122-91a6-0c5251ecce56 has been resumed by wneessen
>>>> md main:WARNING:2015-07-14 10h06.51 UTC:24193: openvas_scanner_read: failed to read from server: The specified session has been invalidated for some reason.
>>>> event task:MESSAGE:2015-07-14 10h06.51 UTC:24193: Status of task Test network scan CGN (2fa50913-5928-4122-91a6-0c5251ecce56) has changed to Stopped
>>>> md main:WARNING:2015-07-14 10h06.51 UTC:24193: sql_close: attempt to close db with open statement(s)
>>>> Any idea what to do?
>>>> Thanks
>>>> Winni
>>>> _______________________________________________
>>>> Openvas-discuss mailing list
>>>> [email protected]
>>>> https://lists.wald.intevation.org/cgi-bin/mailman/listinfo/openvas-discuss