To the list, Is anyone using certificates with Nessus which are issued by an internal Certificate Authority (CA). If so, could you share with me how you have set up Nessus to import these certificates on the Nessus Host?
Kind Regards, Rafael Rosado, CISSP, CISA Lucent Technologies IT Security Manager - Corporate Security Business Assurance and Risk Mitigation Services (B.A.R.M.S.) 2400 SW 145th Avenue Miramar, Florida 33027 Office: 954-885-2176 Facsimile: 954-885-3861 Email: [EMAIL PROTECTED] This electronic mail message contains information belonging to Lucent Technologies, which may be confidential and/or legal privileged. The information is intended only for the use of the individual or entity named above. If you are not the intended recipient, you are hereby notified that any disclosure, printing, copying, distribution, or the taking of any action in reliance on the contents of this electronically mailed information is strictly prohibited. If you receive this message in error, please immediately notify us by electronic mail and delete this message. -----Original Message----- From: Lionel CONS [mailto:[EMAIL PROTECTED] Sent: Thursday, October 23, 2003 7:00 AM To: [EMAIL PROTECTED] Subject: Certificate Authentication Hello, I'm trying to make Nessus use some certificates instead of the normal password authentication but I fail to make it work. I've looked at the documentation (including README_SSL) and Google in vain... Does anyone use certificate authentication? FYI, here is what I've done: - create a server certificate with nessus-mkcert - create a client certificate with nessus-mkcert-client - added a user with nessus-adduser with the corresponding DN - put the correct paths in nessud.conf and .nessursc - restarted the daemon In the procedure, I'm never prompted for a password so I guess the client key is not password protected. However, the Nessus GUI wants a password. When I type one, I get a "failed login" message. Any help would be appreciated... __________________________________________________________ Lionel Cons http://cern.ch/lionel.cons CERN http://www.cern.ch Experience is something you don't get until just after you need it. - Olivier
