Configure https traffic on GSA

I have internal PKI deployed which gives me private key with certificate.

I need to know how can I configure to use https on this platform

@jozb for example you can use nginx as ssl proxy

see my other message for nginx example


You need to modify the startup script to use SSL.


@joebeasley its easier to use nginx as ssl reverse proxy


@Eero The question asked how to enable SSL. That is the question I answered. I did not assume the OP knew how to use nginx.

1 Like

@joebeasley , You helped me. Thanks so much… good explanation through the video. I will be happy to see more configs to the channel. Thanks Again

For the records there are also various existing topics in this portal on how to configure SSL/TLS in gsad:

The relevant command line parameters which needs to be passed to gsad when starting it up (e.g. in the related systemd file) are:

  -k, --ssl-private-key=<file>           Use <file> as the private key for HTTPS
  -c, --ssl-certificate=<file>           Use <file> as the certificate for HTTPS

Hi @joebeasley I really appreciate your guide. I followed it step by step (after generating key, csr and cert), but the gsad service seems it don’t want to run. I have self-signed cert. I have following logs in /var/log:

gsad main:MESSAGE:2022-08-23 12h28.44 utc:1591243: Starting GSAD version 22.04.0
gsad main:CRITICAL:2022-08-23 12h28.44 utc:1591244: main: start_https_daemon failed!

My /etc/systemd/system/gsad.service looks like that:

Description=Greenbone Security Assistant daemon (gsad)
Documentation=man:gsad(8) gvmd.service

ExecStart=/usr/local/sbin/gsad --listen= --port=9392 --no-redirect --ssl-private-key=/etc/gvm/fd.key --ssl-certificate=/etc/gvm/fd.crt


Please provide me with some help here, it would be great:)

Stop gsad. "systemctl stop gsad.

Make sure gvm has access to

Make sure gvm has access to the SSL cert files.

Run “systemctl daemon-reload” after making changes to gsad.service.

Start gsad. “systemctl start gsad”.


I’ve done that, unfortunately it doesn’t work:(

More logging info needed.

Try running your start line from the command line. It should give more output.

user@host: sudo -u gvm /usr/local/sbin/gsad --listen= --port=9392 --no-redirect --ssl-private-key=/etc/gvm/fd.key --ssl-certificate=/etc/gvm/fd.crt

** Also check the logs in /var/log/gvm

1 Like

It looks like that:

In the /var/log/gvm:

gsad main:MESSAGE:2022-08-24 09h09.10 utc:1648913: Starting GSAD version 22.04.0
gsad main:CRITICAL:2022-08-24 09h09.10 utc:1648914: main: Could not write PID file.

Uhm, I don’t know why privileges are not alright here…

If you start gsad manually and not via systemd you need to ensure that /run/gsad (for releases >= 21.4.4) exists and has the required permissions.

1 Like

Well, I don’t have such dir:

xzy@OV:/var/log/gvm$ cd /run/gsad
-bash: cd: /run/gsad: No such file or directory

Do I have to create one?

@v3rtx yes.


1 Like

@v3rtx Check my config and I managed to have https, try to compare with what you have and change it as I have to see If you will resolve the issue.

1 Like

@bricks @Eero now I have the right dir and privileges, but gsad with the https config is not working

- @jozb

@v3rtx well. I prefer nginx as ssl proxy…


well I think I’ll better do that :sweat_smile:

@v3rtx as Nginx is very simple as ssl reverse proxy. It just works.