alessio
September 9, 2020, 4:19pm
1
Hi,
i setup the latest 20.08 release and want to put my own key and certificate with:
gsad --ssl-private-key=/path/ssl/private.pem
it says Oops, secure memory pool already initialized
i found out its just a warning and i can simply ignore it, however, i started my gsad service again, but i could not see any changes.
In /etc/default
theres a file gsad
which seems familiar for my use.
There i tried things like SSL_PRIVATE_KEY=/path/ssl/private.pem
But i did not work.
How can i solve it?
1 Like
alessio
September 9, 2020, 6:53pm
2
ah, of course i did gsad --ssl-certificate=...
too.
gsad --ssl-private-key=/path/ssl/private.pem
was an example only
alessio
September 11, 2020, 11:48am
3
i tried several service files and several terms like GSA_SSL…, GSAD_SSL…
but nothings seems to work.
has anyone an idea in which directory/file i have to look?
alessio
September 13, 2020, 11:48am
4
This is my startup script:
[Unit]
Description=Greenbone Security Assistant (gsad)
Documentation=man:gsad(8) https://www.greenbone.net
After=network.target
Wants=gvmd.service
[Service]
Type=forking
PIDFile=/opt/gvm/var/run/gsad.pid
WorkingDirectory=/opt/gvm
ExecStart=/opt/gvm/sbin/gsad --drop-privileges=gvm -p 443 -k /opt/gvm/var/lib/gvm/private/CA/private.pem -c /opt/gvm/var/lib/gvm/private/CA/certificate.pem
Restart=on-failure
RestartSec=2min
KillMode=process
KillSignal=SIGINT
GuessMainPID=no
PrivateTmp=true
[Install]
WantedBy=multi-user.target
Should work this way?
But still i am getting a warning on https
Lukas
September 13, 2020, 12:51pm
5
Your path is not system-standard, i would configure your system more FHS complaint. Why are your storing the public and private key within a private directory ?
I do not know your permission model, but it might be broken that way.
alessio
September 13, 2020, 2:23pm
6
To be honest i only tried this directory because i was running out of options and saw sth similar here
I had my key and my certificate in /opt/gvm/ssl/
before
alessio
September 15, 2020, 12:59pm
7
I got the files under /opt/gvm/sbin/..
and changed it in my startup-scripts.
It still doesnt work. I dont understand why my certificate is not accepted. Is there sth i forgot?
alessio
September 15, 2020, 2:59pm
8
Btw is it enough to restart the gsad.service? I did not reboot the server yet
alessio
September 17, 2020, 10:11am
9
im not a fan of rebooting. did it, and it works just fine, no https warning