Brian,

OpenVAS uses X.509 (SSL or rather TLS) certificates for internal communication connections. I still use the automated setup which creates self-signed certificates and it's just as good as anything else really. Replacing those will be a bit tricky and so I haven't bothered. You do mention, however, messing with Apache and a hostname mismatch error. So I think you only want to really replace the certificate used to open the Greenbone Security Assistant?

You do not need Apache, just run gsad with the correct parameters such as:

    gsad -p 443 --listen=0.0.0.0 --mlisten=127.0.0.1 --mport=9390 \
         --ssl-private-key=/etc/ssl/hostname_privatekey.key \
         --ssl-certificate=/etc/ssl/hostname_cert.crt \
         --http-sts \
         --gnutls-priorities="NORMAL:-VERS-TLS-ALL:+VERS-TLS1.2:-CIPHER-ALL:+AES-256-CBC"

This will make it listen on IP 0.0.0.0 (all IP addresses) using port 443. It will connect to OpenVAS on IP 127.0.0.1 (localhost) port 9390 (default openvasmd port). The other parameters are self-explanatory I think.

Thijs Stuurman
Security Operations Center | KPN Internedservices B.V.
[email protected] | [email protected]
T: +31(0)299476185 | M: +31(0)624366778
PGP Key-ID: 0x16ADC048 (https://pgp.surfnet.nl/)
Fingerprint: 2EDB 9B42 D6E8 7D4B 6E02 8BE5 6D46 8007 16AD C048
W: https://www.internedservices.nl | L: http://nl.linkedin.com/in/thijsstuurman

From: Openvas-discuss [mailto:[email protected]] On behalf of BT
Sent: Tuesday, 10 October 2017 06:03
To: [email protected]
Subject: [Openvas-discuss] OpenVas with 3rd Party SSL Certs (not self signed)

Does anyone have any links or documentation that would assist me with adding a 3rd party SSL cert to OpenVas?

I have spent a lot of time in Apache2 only to realize that it is not being used for SSL handshakes, rather OpenVas is. Getting the SSL host name mismatch error and want to install a 3rd party SSL cert. I made all of the configuration changes in Apache for SSL support and wondered why my changes were not working. I also searched to find any documentation that would outline the importing of custom or 3rd party SSL certs without any luck. That led me to seek assistance from the mailing list.

Certification authority:
    Certificate = /var/lib/openvas/CA/cacert.pem
    Private key = /var/lib/openvas/private/CA/cakey.pem

OpenVAS Server:
    Certificate = /var/lib/openvas/CA/servercert.pem
    Private key = /var/lib/openvas/private/CA/serverkey.pem

OpenVAS Client:
    Certificate = /var/lib/openvas/CA/clientcert.pem
    Private key = /var/lib/openvas/private/CA/clientkey.pem

myserver.key --> Private Key (generated by OpenSSL)
mydomain.com.crt --> Public Key Certificate (godaddy SSL cert)
gd_bundle.crt --> Certificate Chain

Running Ubuntu 16.04.2 and OpenVAS Manager 7.0.1 with GSA

I look forward to any assistance or guidance you can offer.

Thanks!
Brian
_______________________________________________
Openvas-discuss mailing list
[email protected]
https://lists.wald.intevation.org/cgi-bin/mailman/listinfo/openvas-discuss
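
Added example, not part of the original thread and not code from the OpenVAS project: a pre-flight check for the files passed to gsad via --ssl-private-key and --ssl-certificate, confirming that the key belongs to the certificate, that the certificate covers the host name users will type (the cause of the mismatch error), and that it has not expired. It assumes the openssl command-line tool is installed; the function names are hypothetical.

```shell
#!/bin/sh
# Added example: sanity checks before handing a third-party key and
# certificate to gsad. Usage: preflight.sh KEY CERT HOSTNAME

# True when the private key and the certificate carry the same public key.
key_matches_cert() {
    key_pub=$(openssl pkey -in "$1" -pubout 2>/dev/null) || return 1
    cert_pub=$(openssl x509 -in "$2" -noout -pubkey 2>/dev/null) || return 1
    [ -n "$key_pub" ] && [ "$key_pub" = "$cert_pub" ]
}

# True when the certificate's subjectAltName (or CN fallback) covers the host.
cert_covers_host() {
    openssl x509 -in "$1" -noout -checkhost "$2" 2>/dev/null |
        grep -q "does match certificate"
}

# True when the certificate is still inside its validity period.
cert_not_expired() {
    openssl x509 -in "$1" -noout -checkend 0 >/dev/null 2>&1
}

# Run all three checks and report the first failure on stderr.
preflight() {
    key_matches_cert "$1" "$2" ||
        { echo "FAIL: $1 is not the private key for $2" >&2; return 1; }
    cert_covers_host "$2" "$3" ||
        { echo "FAIL: $2 does not cover host name $3" >&2; return 1; }
    cert_not_expired "$2" ||
        { echo "FAIL: $2 has expired" >&2; return 1; }
    echo "OK: $1 and $2 are consistent for https://$3/"
}

# Only run when called with the three arguments.
if [ "$#" -eq 3 ]; then
    preflight "$@"
fi
```

With the file names from the question this would be run as `sh preflight.sh myserver.key mydomain.com.crt <host name used in the browser>`.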
