Gsad ssl certificate

i setup the latest 20.08 release and want to put my own key and certificate with:
gsad --ssl-private-key=/path/ssl/private.pem

it says Oops, secure memory pool already initialized

i found out its just a warning and i can simply ignore it, however, i started my gsad service again, but i could not see any changes.

In /etc/default theres a file gsad which seems familiar for my use.
There i tried things like SSL_PRIVATE_KEY=/path/ssl/private.pem

But i did not work.
How can i solve it?

1 Like

ah, of course i did gsad --ssl-certificate=... too.

gsad --ssl-private-key=/path/ssl/private.pem was an example only

i tried several service files and several terms like GSA_SSL…, GSAD_SSL…
but nothings seems to work.

has anyone an idea in which directory/file i have to look?

This is my startup script:

Description=Greenbone Security Assistant (gsad)

ExecStart=/opt/gvm/sbin/gsad --drop-privileges=gvm -p 443 -k /opt/gvm/var/lib/gvm/private/CA/private.pem -c /opt/gvm/var/lib/gvm/private/CA/certificate.pem


Should work this way?
But still i am getting a warning on https

Your path is not system-standard, i would configure your system more FHS complaint. Why are your storing the public and private key within a private directory ?
I do not know your permission model, but it might be broken that way.

To be honest i only tried this directory because i was running out of options and saw sth similar here

I had my key and my certificate in /opt/gvm/ssl/ before

I got the files under /opt/gvm/sbin/.. and changed it in my startup-scripts.
It still doesnt work. I dont understand why my certificate is not accepted. Is there sth i forgot?

Btw is it enough to restart the gsad.service? I did not reboot the server yet

im not a fan of rebooting. did it, and it works just fine, no https warning