I have internal PKI deployed which gives me private key with certificate.
I need to know how can I configure to use https on this platform
@joebeasley its easier to use nginx as ssl reverse proxy
https://raw.githubusercontent.com/EeroV/openvas-gvm/main/files/default
Eero
@Eero The question asked how to enable SSL. That is the question I answered. I did not assume the OP knew how to use nginx.
1 Like
@joebeasley , You helped me. Thanks so much… good explanation through the video. I will be happy to see more configs to the channel. Thanks Again
For the records there are also various existing topics in this portal on how to configure SSL/TLS in gsad:
The relevant command line parameters which needs to be passed to gsad when starting it up (e.g. in the related systemd file) are:
-k, --ssl-private-key=<file> Use <file> as the private key for HTTPS
-c, --ssl-certificate=<file> Use <file> as the certificate for HTTPS
Hi @joebeasley I really appreciate your guide. I followed it step by step (after generating key, csr and cert), but the gsad service seems it don’t want to run. I have self-signed cert. I have following logs in /var/log:
gsad main:MESSAGE:2022-08-23 12h28.44 utc:1591243: Starting GSAD version 22.04.0
gsad main:CRITICAL:2022-08-23 12h28.44 utc:1591244: main: start_https_daemon failed!
My /etc/systemd/system/gsad.service looks like that:
[Unit]
Description=Greenbone Security Assistant daemon (gsad)
Documentation=man:gsad(8) https://www.greenbone.net
After=network.target gvmd.service
Wants=gvmd.service
[Service]
Type=forking
User=gvm
Group=gvm
RuntimeDirectory=gsad
RuntimeDirectoryMode=2775
PIDFile=/run/gsad/gsad.pid
ExecStart=/usr/local/sbin/gsad --listen=0.0.0.0 --port=9392 --no-redirect --ssl-private-key=/etc/gvm/fd.key --ssl-certificate=/etc/gvm/fd.crt
Restart=always
TimeoutStopSec=10
[Install]
WantedBy=multi-user.target
Alias=greenbone-security-assistant.service
Please provide me with some help here, it would be great:)
Stop gsad. "systemctl stop gsad.
Make sure gvm has access to gsad.pid.
Make sure gvm has access to the SSL cert files.
Run “systemctl daemon-reload” after making changes to gsad.service.
Start gsad. “systemctl start gsad”.
2 Likes
More logging info needed.
Try running your start line from the command line. It should give more output.
user@host: sudo -u gvm /usr/local/sbin/gsad --listen=0.0.0.0 --port=9392 --no-redirect --ssl-private-key=/etc/gvm/fd.key --ssl-certificate=/etc/gvm/fd.crt
** Also check the logs in /var/log/gvm
1 Like
It looks like that:
In the /var/log/gvm:
gsad main:MESSAGE:2022-08-24 09h09.10 utc:1648913: Starting GSAD version 22.04.0
gsad main:CRITICAL:2022-08-24 09h09.10 utc:1648914: main: Could not write PID file.
Uhm, I don’t know why privileges are not alright here…
If you start gsad manually and not via systemd you need to ensure that /run/gsad (for releases >= 21.4.4) exists and has the required permissions.
1 Like
Well, I don’t have such dir:
xzy@OV:/var/log/gvm$ cd /run/gsad
-bash: cd: /run/gsad: No such file or directory
Do I have to create one?
@v3rtx Check my config and I managed to have https, try to compare with what you have and change it as I have to see If you will resolve the issue.
1 Like
@bricks @Eero now I have the right dir and privileges, but gsad with the https config is not working
well I think I’ll better do that 