Holy moly... now that I saw my mail, I see the:

- Status: The certificate is NOT trusted. The name in the certificate does not match the expected.

warning. Looks like this might be the issue.

Winni

> From: "Winfried Neessen" <[email protected]>
> To: "openvas-discuss" <[email protected]>
> Sent: Thursday, July 16, 2015 3:50:23 PM
> Subject: Re: [Openvas-discuss] TLS error when trying to launch scan
>
> Hi,
>
> any other suggestions on how to troubleshoot this? It definitely seems to be
> GnuTLS related, but I am not able to figure out what happens. gnutls-cli is
> able to connect:
>
> % sudo gnutls-cli --x509cafile /usr/pkg/openvas/var/lib/openvas/CA/cacert.pem --x509certfile /usr/pkg/openvas/var/lib/openvas/CA/clientcert.pem --x509keyfile /usr/pkg/openvas/var/lib/openvas/private/CA/clientkey.pem --insecure -p 9391 localhost
> Processed 1 CA certificate(s).
> Processed 1 client X.509 certificates...
> Resolving 'localhost'...
> Connecting to '::1:9391'...
> Connecting to '127.0.0.1:9391'...
> - Certificate type: X.509
> - Got a certificate list of 1 certificates.
> - Certificate[0] info:
> - subject `C=DE,ST=NRW,L=Cologne,O=cleverbridge AG,OU=Server certificate for netscan.cgn.cleverbridge.com,CN=netscan.cgn.cleverbridge.com,[email protected]', issuer `C=DE,ST=NRW,L=Cologne,O=cleverbridge AG,OU=Certification Authority for netscan.cgn.cleverbridge.com,CN=netscan.cgn.cleverbridge.com,[email protected]', RSA key 4096 bits, signed using RSA-SHA256, activated `2015-07-14 12:40:08 UTC', expires `2016-07-13 12:40:08 UTC', SHA-1 fingerprint `03d157c0bb49caff86e9494862bbe72f17977b52'
> Public Key ID:
> 4917ebe77e2ec221116f0210458c9d27fee3e97a
> Public key's random art:
> +--[ RSA 4096]----+
> | oOo. . |
> | . * o o |
> | . +.oo |
> | ..o+o |
> | .S+. . |
> | + .o |
> | . = .. |
> | E o.. . |
> | .+. ..+. |
> +-----------------+
> - Status: The certificate is NOT trusted. The name in the certificate does not match the expected.
> *** PKI verification of server certificate failed...
> - Successfully sent 1 certificate(s) to server.
> - Description: (TLS1.2)-(ECDHE-RSA-SECP256R1)-(AES-128-GCM)
> - Session ID: D7:4B:24:A4:55:5B:75:17:ED:3E:96:65:7A:72:31:FB:F7:E1:A6:AD:55:9F:69:5A:F6:AC:B7:C0:CF:A5:B8:02
> - Ephemeral EC Diffie-Hellman parameters
> - Using curve: SECP256R1
> - Curve size: 256 bits
> - Version: TLS1.2
> - Key Exchange: ECDHE-RSA
> - Server Signature: RSA-SHA256
> - Client Signature: RSA-SHA256
> - Cipher: AES-128-GCM
> - MAC: AEAD
> - Compression: NULL
> - Options: extended master secret, safe renegotiation,
> - Handshake was completed
> - Simple Client Mode:
>
> Any help is highly appreciated.
>
> Winni
>
>> From: "Eero Volotinen" <[email protected]>
>> To: "Winfried Neessen" <[email protected]>
>> Cc: "openvas-discuss" <[email protected]>
>> Sent: Tuesday, July 14, 2015 3:56:03 PM
>> Subject: Re: [Openvas-discuss] TLS error when trying to launch scan
>>
>> Try restarting services again. Sounds like (new) certificates are not loaded
>> to services.
>>
>> On 14.7.2015 at 4.10 PM, "Winfried Neessen" <[email protected]> wrote:
>>
>>> Hi,
>>>
>>> my redis-server is running. Also I doubt that this has s. th. to do with
>>> redis, as the error says something about a non-properly terminated TLS
>>> connection.
>>>
>>> So I did a strace on the openvassd and found some messages about an
>>> untrusted certificate. I then recreated the CA, server and client
>>> certificates via openvas-mkcert -f and openvas-mkcert-client -i -n and
>>> restarted the services.
>>>
>>> Now when I try to resume the job, it always tells me: 503 Service temporarly
>>> down in the notice box of GSA.
>>>
>>> Any other suggestions?
>>>
>>> Thanks
>>> Winni
>>>
>>>> From: "Eero Volotinen" <[email protected]>
>>>> To: "Winfried Neessen" <[email protected]>
>>>> Cc: "openvas-discuss" <[email protected]>
>>>> Sent: Tuesday, July 14, 2015 12:10:47 PM
>>>> Subject: Re: [Openvas-discuss] TLS error when trying to launch scan
>>>>
>>>> Check your redis-server configuration.
>>>>
>>>> On 14.7.2015 at 1.09 PM, "Winfried Neessen" <[email protected]> wrote:
>>>>
>>>>> Hi,
>>>>>
>>>>> I am trying to launch a scan in my OpenVAS instance. Once I press the
>>>>> "play"-button, it says "Requested" but after a second it already says:
>>>>> "Stopped at 1%". The openvasmd.log says:
>>>>>
>>>>> md main:WARNING:2015-07-14 10h06.49 UTC:24191: openvas_scanner_read: failed to read from server: The TLS connection was non-properly terminated.
>>>>> event task:MESSAGE:2015-07-14 10h06.49 UTC:24191: Status of task Test network scan CGN (2fa50913-5928-4122-91a6-0c5251ecce56) has changed to Requested
>>>>> event task:MESSAGE:2015-07-14 10h06.49 UTC:24191: Task 2fa50913-5928-4122-91a6-0c5251ecce56 has been resumed by wneessen
>>>>> md main:WARNING:2015-07-14 10h06.51 UTC:24193: openvas_scanner_read: failed to read from server: The specified session has been invalidated for some reason.
>>>>> event task:MESSAGE:2015-07-14 10h06.51 UTC:24193: Status of task Test network scan CGN (2fa50913-5928-4122-91a6-0c5251ecce56) has changed to Stopped
>>>>> md main:WARNING:2015-07-14 10h06.51 UTC:24193: sql_close: attempt to close db with open statement(s)
>>>>>
>>>>> Any idea what to do?
>>>>>
>>>>> Thanks
>>>>> Winni
>>>>>
>>>>> _______________________________________________
>>>>> Openvas-discuss mailing list
>>>>> [email protected]
>>>>> https://lists.wald.intevation.org/cgi-bin/mailman/listinfo/openvas-discuss
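Added example, not part of the original thread: a small Python check that reads a gnutls-cli transcript like the one quoted above and reports the host that was requested, the certificate's CN, and the reasons gnutls-cli gave for its verdict. The function names and the shortened sample transcript are constructed for illustration, and only the subject CN is compared because the transcript shows no subjectAltName.

```python
import re

# Constructed sample: key lines of the gnutls-cli transcript quoted in the
# thread, with the subject/issuer DNs shortened to the fields used here.
SAMPLE = """\
Resolving 'localhost'...
Connecting to '127.0.0.1:9391'...
- Certificate[0] info:
 - subject `C=DE,O=cleverbridge AG,CN=netscan.cgn.cleverbridge.com', issuer `C=DE,CN=netscan.cgn.cleverbridge.com', RSA key 4096 bits
- Status: The certificate is NOT trusted. The name in the certificate does not match the expected.
*** PKI verification of server certificate failed...
- Handshake was completed
"""


def name_matches(host, pattern):
    """Compare a host name to a certificate name, label by label."""
    h = host.lower().rstrip(".").split(".")
    p = pattern.lower().rstrip(".").split(".")
    if len(h) != len(p):
        return False
    if p[0] == "*" and len(p) >= 3:  # wildcard covers the left-most label only
        h, p = h[1:], p[1:]
    return h == p


def diagnose(transcript):
    """Extract the requested host, the certificate CN and the verdict."""
    host = re.search(r"^Resolving '([^']+)'", transcript, re.M)
    subject = re.search(r"subject `([^']*)'", transcript)
    status = re.search(r"^- Status: (.*)$", transcript, re.M)
    if not (host and subject and status):
        raise ValueError("no certificate information in transcript")
    # Simplified DN split: assumes no escaped commas inside attribute values.
    attrs = dict(p.split("=", 1) for p in subject.group(1).split(",") if "=" in p)
    sentences = [s.strip().rstrip(".") for s in status.group(1).split(". ")]
    cn = attrs.get("CN", "")  # assumption: CN only, no subjectAltName shown
    return {
        "host": host.group(1),
        "cn": cn,
        "trusted": "NOT trusted" not in sentences[0],
        "reasons": sentences[1:],  # sentences printed after the verdict
        "cn_matches_host": name_matches(host.group(1), cn),
        "handshake_completed": "Handshake was completed" in transcript,
    }


if __name__ == "__main__":
    for key, value in diagnose(SAMPLE).items():
        print(f"{key}: {value}")
```

The handshake is reported as completed even though verification failed because the command in the thread passes `--insecure`, which tells gnutls-cli to continue after a failed certificate check.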
