Le ven 09/08/2002 � 14:34, Ronald Clark a �crit : > Does anyone know if Nessus can test for IIS vulnerabilities over the SSL > (443) port?
Yes. Just make sure that 1. Your Nessus is linked with SSL, as Renaud said, 2. that the find_service Pref. test SSL services"is on "All ports" or "Known SSL ports" In case you use a certificate based authentication, you have to set "SSL certificate", "SSL private key" etc. (in PEM format) NOTE that this is a different certificate from Nessus client/server SSL communication! > If so, and you would not mind, could you point me to a doc, or > simply type in some good instructions? nessus-core/README_SSL is not rich on this point, I am afraid :-( Once Nessus has identified that a port uses SSL, all network connection will work through SSL, transparently. There are only a couple of SSL specific tests - [EMAIL PROTECTED]: general discussions about Nessus. * To unsubscribe, send a mail to [EMAIL PROTECTED] with "unsubscribe nessus" in the body.
