Christiaan, I am not familiar with your current error message.

Thijs Stuurman
Security Operations Center | KPN Internedservices B.V.
[email protected] | [email protected]
T: +31(0)299476185 | M: +31(0)624366778
PGP Key-ID: 0x16ADC048 (https://pgp.surfnet.nl/)
Fingerprint: 2EDB 9B42 D6E8 7D4B 6E02 8BE5 6D46 8007 16AD C048
W: https://www.internedservices.nl | L: http://nl.linkedin.com/in/thijsstuurman

From: Christiaan De Vries [mailto:[email protected]]
Sent: Friday 17 November 2017 11:21
To: Thijs Stuurman <[email protected]>; [email protected]
Subject: RE: OpenVAS9 master/slave setup...

Hi Thijs,

The verify scanner config test informs me that 'Scanner has been verified' and when I go into the configuration of the scanner, it shows me the following:

[inline screenshot not preserved]

Now, weirdly enough (after a reboot of both nodes) the error message about "the certificate hasn't got a known issuer" is gone, and the openvasmd.log (on the slave) now shows the following when I initiate a scan (from the master to the slave):

    md omp: INFO:2017-11-17 10h15.32 utc:15657: Failed to parse client XML: Error on line 1 char 2: ' ' is not a valid character following a '<' character; it may not begin an element name

Any idea what this could imply?

Thanks for your help!

Christiaan de Vries
Digital Planet

From: Thijs Stuurman [mailto:[email protected]]
Sent: 17 November 2017 10:03
To: [email protected]
Cc: Christiaan De Vries <[email protected]>
Subject: RE: OpenVAS9 master/slave setup...

When creating the New Scanner on the master to configure the slave scanner, did you upload the slave's CA certificate? See the screenshot on the site.

Thijs Stuurman

From: Openvas-discuss [mailto:[email protected]] On behalf of Christiaan De Vries
Sent: Thursday 16 November 2017 13:10
To: [email protected]
Subject: [Openvas-discuss] OpenVAS9 master/slave setup...

Hello everybody,

I'm running OpenVAS9 and am trying to configure a master/slave combination, so I followed the instructions in the following post but am running into (what I think) are certificate issues:

https://blog.haardiek.org/setup-openvas-as-master-and-slave.html

I see the following messages in the master logs:

    lib serv: DEBUG:2017-11-15 14h13.40 UTC:2667: Connected to server '172.X.X.X' port 9391.
    lib serv: DEBUG:2017-11-15 14h13.40 UTC:2667: Shook hands with server '172.X.x.X' port 9391.
    lib serv:WARNING:2017-11-15 14h13.40 UTC:2667: openvas_server_verify: the certificate is not trusted
    lib serv:WARNING:2017-11-15 14h13.40 UTC:2667: openvas_server_verify: the certificate hasn't got a known issuer
    md manage:WARNING:2017-11-15 14h13.40 UTC:2667: slave_connect: failed to open connection to 172.X.X.X on 9391

Now, if I check the certs on the slave, all seems well:

    root@DMZ-NVT-01:~# openvas-manage-certs -V
    OK: Directory for keys (/var/lib/openvas/private/CA) exists.
    OK: Directory for certificates (/var/lib/openvas/CA) exists.
    OK: CA key found in /var/lib/openvas/private/CA/cakey.pem
    OK: CA certificate found in /var/lib/openvas/CA/cacert.pem
    OK: CA certificate verified.
    OK: Certificate /var/lib/openvas/CA/clientcert.pem verified.
    OK: Certificate /var/lib/openvas/CA/servercert.pem verified.
    OK: Your OpenVAS certificate infrastructure passed validation.

Same for the master, the checks are fine:

    root@Ubuntu-OpenVAS:/var/log/openvas# openvas-manage-certs -V
    OK: Directory for keys (/var/lib/openvas/private/CA) exists.
    OK: Directory for certificates (/var/lib/openvas/CA) exists.
    OK: CA key found in /var/lib/openvas/private/CA/cakey.pem
    OK: CA certificate found in /var/lib/openvas/CA/cacert.pem
    OK: CA certificate verified.
    OK: Certificate /var/lib/openvas/CA/servercert.pem verified.
    OK: Certificate /var/lib/openvas/CA/clientcert.pem verified.
    OK: Your OpenVAS certificate infrastructure passed validation.

Any advice on how to debug/tackle/solve this problem?

PS: I've noticed that in the GUI of the master, the following message is displayed, not sure if this is related?: "Certificate currently in use will expire"

Regards,

Christiaan de Vries
Digital Planet
_______________________________________________
Openvas-discuss mailing list
[email protected]
https://lists.wald.intevation.org/cgi-bin/mailman/listinfo/openvas-discuss
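Added example, not part of the original thread: a sketch of how each node's own certificate check can pass while a peer that only knows a different CA still reports an unknown issuer, which is why the slave's CA certificate has to be known to the master. The two CAs, subjects and file names are constructed throwaway values, and it assumes the `openssl` command-line tool is installed.

```shell
#!/bin/sh
# Constructed demo: two throwaway CAs stand in for the master's and the slave's
# own CA (each node's /var/lib/openvas/CA/cacert.pem in the thread).
set -eu
workdir=$(mktemp -d)
trap 'rm -rf "$workdir"' EXIT

# make_ca <node>: self-signed CA key and certificate for that node.
make_ca() {
    openssl req -x509 -newkey rsa:2048 -nodes -days 30 \
        -subj "/CN=$1 demo CA" \
        -keyout "$workdir/$1-cakey.pem" \
        -out "$workdir/$1-cacert.pem" 2>/dev/null
}

# make_server_cert <node>: server certificate signed by that node's own CA.
make_server_cert() {
    openssl req -new -newkey rsa:2048 -nodes -subj "/CN=$1 demo server" \
        -keyout "$workdir/$1-serverkey.pem" \
        -out "$workdir/$1-server.csr" 2>/dev/null
    openssl x509 -req -in "$workdir/$1-server.csr" -days 30 \
        -CA "$workdir/$1-cacert.pem" -CAkey "$workdir/$1-cakey.pem" \
        -CAcreateserial -out "$workdir/$1-servercert.pem" 2>/dev/null
}

# trusts <ca-node> <cert-node>: succeeds only if the second node's server
# certificate chains to the first node's CA certificate.
trusts() {
    openssl verify -CAfile "$workdir/$1-cacert.pem" \
        "$workdir/$2-servercert.pem" >/dev/null 2>&1
}

report() {
    if trusts "$1" "$2"; then
        echo "$2 server cert against $1 CA: OK"
    else
        echo "$2 server cert against $1 CA: FAILED (issuer not in this CA file)"
    fi
}

make_ca master
make_ca slave
make_server_cert slave

report slave slave     # the slave checking its own certificate infrastructure
report master slave    # a master that only has its own CA certificate
```

On real nodes the same `openssl verify -CAfile` check can be pointed at the CA certificate that was given to the master and at a copy of the slave's /var/lib/openvas/CA/servercert.pem.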
