Re: X.509 certificate problem again:)

Subject: Re: X.509 certificate problem again:)
Date: Fri, 20 May 2005 09:30:28 -0400
On Fri, May 20, 2005 at 12:50:27PM +0400, Max Sinelnikov wrote:

> I installed nessus 2.2.3 from Debian Sarge packages() on
> my Debian host, downloaded NessusWX and I get "server
> doesn't have valid X.509 certificate".
> From my nessusd.conf:
> # Define SSL version, use NONE to disable SSL
> # ssl_version = 3

Have you made any changes to that file? I don't know about
Debian, but by default it reads "# ssl_version = NONE". It's
commented out so it shouldn't matter.

> # Added by nessus-mkcert
> #
> cert_file=/var/lib/nessus/CA/servercert.pem
> key_file=/var/lib/nessus/private/CA/serverkey.pem
> ca_file=/var/lib/nessus/CA/cacert.pem
> (all these files exist in the right place)

> When I tried to do
> openssl s_client -connect 127.0.0.1:1241 -tls1
> I get the following:
> CONNECTED(00000003)
> 7033:error:1409E0E5:SSL routines:SSL3_WRITE_BYTES:ssl handshake failure:s3_pkt.c:529:

Is there anything before that? I'd expect to see something
like "verify error:num=19:self signed certificate in
certificate chain". Anyway, try specifying the CAfile, key,
and cert options to s_client since (1) nessus-mkcert uses
its own CA and (2) nessusd asks for a peer cert when using
SSL.

> When I'm connecting with NessusWX from my WinXP box:
> gw01:~# cat /var/log/nessus/nessusd.messages
> [Fri May 20 11:44:48 2005][6727] nessusd 2.2.3. started
> [Fri May 20 11:45:11 2005][6727] Connection from 192.168.0.40 rejected by libwrap

You're not allowing the client connection via tcp_wrappers.
Adjust /etc/hosts.{allow,deny} as necessary.

> And when I'm running nessusd -D it writes nothing about
> ssl.

Does "nessusd -d" report anything about it?


George

--
theall@tenablesecurity.com
_______________________________________________
Nessus mailing list
Nessus@list.nessus.org
http://mail.nessus.org/mailman/listinfo/nessus
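
Added example, not part of the original message or of Nessus itself: shell helpers that separate the two failures in this thread, the tcp_wrappers rejection logged in nessusd.messages and the certificate setup in nessusd.conf. The function names, the client certificate arguments and the sample data in demo are assumptions made for the illustration.

```shell
#!/bin/sh
# Added example (not from the thread). File paths are passed as arguments.

# Print the value of an ACTIVE (uncommented) key in nessusd.conf.
# Empty output means the key is commented out or absent, so the default applies.
conf_value() {  # usage: conf_value KEY CONF
    sed -n "s/^[[:space:]]*$1[[:space:]]*=[[:space:]]*//p" "$2" | tail -n 1
}

# List client addresses that tcp_wrappers refused, one per line, deduplicated.
# These rejections are an access-control issue, separate from the certificates.
libwrap_rejected() {  # usage: libwrap_rejected LOGFILE
    sed -n 's/.*Connection from \([0-9.][0-9.]*\) rejected by libwrap.*/\1/p' "$1" | sort -u
}

# Verify that cert_file chains to ca_file and that key_file belongs to cert_file.
# Returns 1 if the chain does not verify, 2 if the key does not match.
check_server_cert() {  # usage: check_server_cert CONF
    cert=$(conf_value cert_file "$1")
    key=$(conf_value key_file "$1")
    ca=$(conf_value ca_file "$1")
    openssl verify -CAfile "$ca" "$cert" >/dev/null || return 1
    cert_pub=$(openssl x509 -in "$cert" -noout -pubkey | openssl sha256)
    key_pub=$(openssl pkey -in "$key" -pubout | openssl sha256)
    [ "$cert_pub" = "$key_pub" ] || return 2
}

# Handshake probe that trusts the nessus-mkcert CA and presents a client
# certificate. CLIENT_CERT and CLIENT_KEY are hypothetical paths you supply.
probe_nessusd() {  # usage: probe_nessusd HOST:PORT CONF CLIENT_CERT CLIENT_KEY
    openssl s_client -connect "$1" -CAfile "$(conf_value ca_file "$2")" \
        -cert "$3" -key "$4" </dev/null
}

# Run the two parsers on constructed sample data (modelled on the thread).
demo() {
    d=$(mktemp -d)
    printf '%s\n' '# ssl_version = 3' \
        'ca_file=/var/lib/nessus/CA/cacert.pem' > "$d/nessusd.conf"
    printf '%s\n' '[Fri May 20 11:44:48 2005][6727] nessusd 2.2.3. started' \
        '[Fri May 20 11:45:11 2005][6727] Connection from 192.168.0.40 rejected by libwrap' \
        > "$d/nessusd.messages"
    echo "ssl_version=[$(conf_value ssl_version "$d/nessusd.conf")] ca=$(conf_value ca_file "$d/nessusd.conf")"
    libwrap_rejected "$d/nessusd.messages"
    rm -rf "$d"
}
```

Run check_server_cert and probe_nessusd on the host that holds the files named in nessusd.conf; both need the openssl command-line tool.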
