Thursday, 31 October 2013

Install root CA into Nessus

Came across this little 'gem' today, when sorting out internal SSL certificate results for a customer who uses our internal network vulnerability scanner, which is essentially a custom web front end, with scheduling and re-mediation assignment and Nessus pro feed back-end.

Anyway, they wanted to install their own CA cert, from internal PKI, to remove SSL Certificate errors.

Alls you need to do is:

1. Save your root CA into PEM format and rename it as custom_CA.inc

cp cert.cer custom_CA.inc

2. Copy the custom_CA.inc to the Nessus lib plugins folder

sudo cp custom_CA.inc /opt/nessus/lib/nessus/plugins/

Now all those pesky SSL Certificate errors for internal network SSL based connections, wont appear in your results.

NOTE:- Dont do this for external SSL based services, you really should be using a SSL Cert signed by a recognised Certificate Authority (CA).

HTH