It loads the certificates exactly from the place I looked at, as you can see below.
open("/var/lib/openvas/private/CA/serverkey.pem", O_RDONLY) = 5 open("/var/lib/openvas/CA/servercert.pem", O_RDONLY) = 5 open("/var/lib/openvas/CA/cacert.pem", O_RDONLY) = 5 I did a clean installation of Debian Jessie and OpenVAS8 using latest install media, and am having the same issues after renewing certificates as mentioned before. 06.11.2015----16:53:54eero.t.voloti...@gmail.com wrote on 06.11.2015 16:53:54: > From: Eero Volotinen <eero.voloti...@iki.fi>> To: Helmut Koers <HK o...@de.hellmann.net>, > Cc: openvas-disc u...@wald.intevation.org> Date: 06.11.2015 16:53> Subject: Re: [Openvas-discuss] S ervice temporarily down> Sent by: eer o.t.voloti...@gmail.com> > Well, you could start openvasmd under strace like this strace -f -e > open openvasmd and look wher e it open certificates.> Maybe you are l ooking in wrong place..> Eero> 6.11.2015 3.51 ip. "Helmut Koers" <HKoers@de.h ellmann.net> kirjoitti:> Yes, I have tried both, deleting client, server and ca certs as well as > cert and keys (.../var/lib/openvas/CA/ und > .../var/lib/openvas/private/CA/), which then have been newly created. I've > tried it several time, but here was not difference, I am am still seeing > the error message and am not able to execute a scan. > > > 06.11.2015----13:29:56eero.t.voloti...@gmail.com wrote on 06.11.2015 > 13:29:56: > > > From: Eero Volotinen > <eero.voloti...@iki.fi>> To: Helmut Koers <HK > o...@de.hellmann.net>, > Cc: openvas-disc > u...@wald.intevation.org> > Date: 06.11.2015 13:30> Subject: Re: [Openvas-discuss] S > ervice temporarily down> Sent by: eer > o.t.voloti...@gmail.com> > > Well, did you really deleted server ca > , cert > and client cert?> Eero> 6.11.2015 12.57 ip. "Helmut Koers" <HKoers@de.h > ellmann.net> kirjoitti:> Unfortunately, that did not solve the issue, same > error in GSAD than > > before. > > > > Not sure if I got the right error message in openvasmd.log before, now I > > see the following: > > > > lib serv:WARNING:2015-11-06 11h51.21 CET:7977: openvas_server_verify: > the > > certificate is not trusted > > lib serv:WARNING:2015-11-06 11h51.21 CET:7977: openvas_server_verify: > the > > certificate hasn't got a known issuer > > event task:MESSAGE:2015-11-06 11h51.21 CET:7977: Task > > c0d4970e-cfa7-478f-9988-3dbfc3f11b52 could not be started by ovadmin > > > > I repeated the actions I have been received, but no change. > > > > > > 06.11.2015----10:59:20eero.t.voloti...@gmail.com wrote on 06.11.2015 > > 10:59:20: > > > > > From: Eero Volotinen > > <eero.voloti...@iki.fi>> To: Helmut Koers <HK > > o...@de.hellmann.net>, > Cc: openvas-disc > > u...@wald.intevation.org> > > Date: 06.11.2015 10:59> Subject: Re: [Openvas-discuss] S > > ervice temporarily down> Sent by: eer > > o.t.voloti...@gmail.com> > > > Try to delete old ca and certs and then regener > > ate & > > restart services.> Eero> 6.11.2015 10.44 ap. "Helmut Koers" <HKoers@de.h > > ellmann.net> kirjoitti:> Hi all, > > > after renewing OpenVAS certificates as requested: > > > > > > openvas-mkcert -f -q > > > openvas-mkcert-client -n -i > > > > > > and reooting the entire system, I can't run a scan anymore getting an > > > error message in GSAD saying: > > > > > > Operation: Start Task > > > Status code: 503 > > > Status message: Service temporarily down > > > > > > The openvasmd.log shows the following: > > > > > > lib serv:WARNING:2015-11-06 09h36.44 CET:966: Failed to shake hands > > with > > > peer: The TLS connection was non-properly terminated. > > > lib serv:WARNING:2015-11-06 09h36.44 CET:966: Failed to shutdown > server > > > socket > > > event task:MESSAGE:2015-11-06 09h36.44 CET:966: Task > > > 2e6cc5ec-27e3-4f29-8e53-8b2e6af6c81d could not be started by admin > > > > > > I am running OpenVAS 8 on Debian Jessie. > > > > > > Any advice is appreciated. > > > _______________________________________________ > > > Openvas-discuss mailing list > > > Openvas-discuss@wald.intevation.org > > > > > > https://lists.wald.intevation.org/cgi-bin/mailman/listinfo/openvas-discuss _______________________________________________ Openvas-discuss mailing list Openvas-discuss@wald.intevation.org https://lists.wald.intevation.org/cgi-bin/mailman/listinfo/openvas-discuss