When creating the New Scanner on the master to configure the slave scanner, did you upload the slave's CA certificate? See the screenshot on the site.

Thijs Stuurman
Security Operations Center | KPN Internedservices B.V.
[email protected] | [email protected]
T: +31(0)299476185 | M: +31(0)624366778
PGP Key-ID: 0x16ADC048 (https://pgp.surfnet.nl/)
Fingerprint: 2EDB 9B42 D6E8 7D4B 6E02 8BE5 6D46 8007 16AD C048
W: https://www.internedservices.nl | L: http://nl.linkedin.com/in/thijsstuurman

From: Openvas-discuss [mailto:[email protected]] On behalf of Christiaan De Vries
Sent: Thursday, 16 November 2017 13:10
To: [email protected]
Subject: [Openvas-discuss] OpenVAS9 master/slave setup...

Hello everybody,

I'm running OpenVAS9 and am trying to configure a master/slave combination, so I followed the instructions in the following post but am running into (what I think) are certificate issues:

https://blog.haardiek.org/setup-openvas-as-master-and-slave.html

I see the following messages in the master logs:

lib serv: DEBUG:2017-11-15 14h13.40 UTC:2667: Connected to server '172.X.X.X' port 9391.
lib serv: DEBUG:2017-11-15 14h13.40 UTC:2667: Shook hands with server '172.X.x.X' port 9391.
lib serv:WARNING:2017-11-15 14h13.40 UTC:2667: openvas_server_verify: the certificate is not trusted
lib serv:WARNING:2017-11-15 14h13.40 UTC:2667: openvas_server_verify: the certificate hasn't got a known issuer
md manage:WARNING:2017-11-15 14h13.40 UTC:2667: slave_connect: failed to open connection to 172.X.X.X on 9391

Now, if I check the certs on the slave, all seems well:

root@DMZ-NVT-01:~# openvas-manage-certs -V
OK: Directory for keys (/var/lib/openvas/private/CA) exists.
OK: Directory for certificates (/var/lib/openvas/CA) exists.
OK: CA key found in /var/lib/openvas/private/CA/cakey.pem
OK: CA certificate found in /var/lib/openvas/CA/cacert.pem
OK: CA certificate verified.
OK: Certificate /var/lib/openvas/CA/clientcert.pem verified.
OK: Certificate /var/lib/openvas/CA/servercert.pem verified.
OK: Your OpenVAS certificate infrastructure passed validation.

Same for the master, the checks are fine:

root@Ubuntu-OpenVAS:/var/log/openvas# openvas-manage-certs -V
OK: Directory for keys (/var/lib/openvas/private/CA) exists.
OK: Directory for certificates (/var/lib/openvas/CA) exists.
OK: CA key found in /var/lib/openvas/private/CA/cakey.pem
OK: CA certificate found in /var/lib/openvas/CA/cacert.pem
OK: CA certificate verified.
OK: Certificate /var/lib/openvas/CA/servercert.pem verified.
OK: Certificate /var/lib/openvas/CA/clientcert.pem verified.
OK: Your OpenVAS certificate infrastructure passed validation.

Any advice on how to debug/tackle/solve this problem?

PS: I've noticed that in the GUI of the master, the following message is displayed, not sure if this is related?: "Certificate currently in use will expire"

Regards,
Christiaan de Vries
Digital Planet
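Added illustration, not part of either message in this thread: a sketch of why both hosts can pass their own local certificate validation while the master still logs "the certificate hasn't got a known issuer", and why giving the master the slave's CA certificate resolves it. It assumes each host generated its own independent CA (as the local paths in the output above suggest) and uses the `openssl` CLI with throwaway, constructed CAs as a stand-in for the check OpenVAS performs; all directory and subject names are made up.

```shell
#!/bin/sh
# Constructed demo: two throwaway CAs stand in for the master and the slave.
# Directory names and subject names are made up for this example.

make_ca() {            # $1 = directory, $2 = CA common name
    mkdir -p "$1"
    openssl req -x509 -newkey rsa:2048 -nodes -days 30 -subj "/CN=$2" \
        -keyout "$1/cakey.pem" -out "$1/cacert.pem" 2>/dev/null
}

issue_server_cert() {  # $1 = directory of the CA that signs the certificate
    openssl req -newkey rsa:2048 -nodes -subj "/CN=scanner" \
        -keyout "$1/serverkey.pem" -out "$1/server.csr" 2>/dev/null
    openssl x509 -req -in "$1/server.csr" -days 30 -CAcreateserial \
        -CA "$1/cacert.pem" -CAkey "$1/cakey.pem" \
        -out "$1/servercert.pem" 2>/dev/null
}

check_trust() {        # $1 = CA file, $2 = certificate to check
    if openssl verify -CAfile "$1" "$2" >/dev/null 2>&1; then
        echo trusted
    else
        echo untrusted
    fi
}

run_demo() {
    work=$(mktemp -d)
    make_ca "$work/master" "Constructed Master CA"
    make_ca "$work/slave" "Constructed Slave CA"
    issue_server_cert "$work/slave"
    slave_cert="$work/slave/servercert.pem"

    # 1. Local check on the slave: its certificate against its own CA.
    local_check=$(check_trust "$work/slave/cacert.pem" "$slave_cert")
    # 2. What the master sees with only its own CA: no known issuer.
    cross_check=$(check_trust "$work/master/cacert.pem" "$slave_cert")
    # 3. Master once the slave's CA certificate is among the CAs it trusts.
    cat "$work/master/cacert.pem" "$work/slave/cacert.pem" > "$work/bundle.pem"
    fixed_check=$(check_trust "$work/bundle.pem" "$slave_cert")

    rm -rf "$work"
    echo "$local_check $cross_check $fixed_check"
}

run_demo   # prints: trusted untrusted trusted
```

On real hosts the equivalent manual check is to copy the slave's `/var/lib/openvas/CA/cacert.pem` to the master and run `openssl verify -CAfile` with it against the slave's `servercert.pem`.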
