Hello everybody, I'm running OpenVAS9 and am trying to configure a master/slave combination, so I followed the instructions in the following post but am running into (what I think) are certificate issues: https://blog.haardiek.org/setup-openvas-as-master-and-slave.html
I see the following messages in the master logs: lib serv: DEBUG:2017-11-15 14h13.40 UTC:2667: Connected to server '172.X.X.X' port 9391. lib serv: DEBUG:2017-11-15 14h13.40 UTC:2667: Shook hands with server '172.X.x.X' port 9391. lib serv:WARNING:2017-11-15 14h13.40 UTC:2667: openvas_server_verify: the certificate is not trusted lib serv:WARNING:2017-11-15 14h13.40 UTC:2667: openvas_server_verify: the certificate hasn't got a known issuer md manage:WARNING:2017-11-15 14h13.40 UTC:2667: slave_connect: failed to open connection to 172.X.X.X on 9391 Now, if I check the certs on the slave, all seems well: root@DMZ-NVT-01:~# openvas-manage-certs -V OK: Directory for keys (/var/lib/openvas/private/CA) exists. OK: Directory for certificates (/var/lib/openvas/CA) exists. OK: CA key found in /var/lib/openvas/private/CA/cakey.pem OK: CA certificate found in /var/lib/openvas/CA/cacert.pem OK: CA certificate verified. OK: Certificate /var/lib/openvas/CA/clientcert.pem verified. OK: Certificate /var/lib/openvas/CA/servercert.pem verified. OK: Your OpenVAS certificate infrastructure passed validation. Same for the master, the checks are fine: root@Ubuntu-OpenVAS:/var/log/openvas# openvas-manage-certs -V OK: Directory for keys (/var/lib/openvas/private/CA) exists. OK: Directory for certificates (/var/lib/openvas/CA) exists. OK: CA key found in /var/lib/openvas/private/CA/cakey.pem OK: CA certificate found in /var/lib/openvas/CA/cacert.pem OK: CA certificate verified. OK: Certificate /var/lib/openvas/CA/servercert.pem verified. OK: Certificate /var/lib/openvas/CA/clientcert.pem verified. OK: Your OpenVAS certificate infrastructure passed validation. Any advice on how to debug/tackle/solve this problem? PS: I've noticed that in the GUI of the master, the following message is displayed, not sure if this is related?: "Certificate currently in use will expire" Regards, Christiaan de Vries Digital Planet
_______________________________________________ Openvas-discuss mailing list [email protected] https://lists.wald.intevation.org/cgi-bin/mailman/listinfo/openvas-discuss
