SSL Configuration

Hello

I am trying to configure SSL on OpenVAS Community Edition 22.4 using the method of

Without it working, I’ve read that most recommend using nginx to put the SSL layer in place, but I’d like to be able to do it directly in the app.

Can someone provide me with a guide on how to perform this procedure in the indicated version?

Are you getting some type of error? Check /var/log/gvm/gsad.log.


Hello.
The error is:

gsad main:MESSAGE:2022-10-04 13h11.46 utc:174498: Starting GSAD version 22.04.0
gsad main:CRITICAL:2022-10-04 13h11.46 utc:174499: main: start_https_daemon failed!
gsad main:MESSAGE:2022-10-04 13h11.46 utc:174503: Starting GSAD version 22.04.0
gsad main:CRITICAL:2022-10-04 13h11.46 utc:174504: main: start_https_daemon failed!
gsad main:MESSAGE:2022-10-04 13h11.46 utc:174507: Starting GSAD version 22.04.0
gsad main:CRITICAL:2022-10-04 13h11.46 utc:174508: main: start_https_daemon failed!
gsad main:MESSAGE:2022-10-04 13h11.47 utc:174513: Starting GSAD version 22.04.0
gsad main:CRITICAL:2022-10-04 13h11.47 utc:174514: main: start_https_daemon failed!

Thanks for your help.

Check the systemd file to make sure it starts as root, and then runs as user gvm after startup.


My config file is:

[Unit]
Description=Greenbone Security Assistant daemon (gsad)
Documentation=man:gsad(8) https://www.greenbone.net
After=network.target gvmd.service
Wants=gvmd.service

[Service]
Type=forking
#User=gvm
#Group=gvm
RuntimeDirectory=gsad
RuntimeDirectoryMode=2775
PIDFile=/run/gsad/gsad.pid
#ExecStart=/usr/local/sbin/gsad --listen=127.0.0.1 --port=9392 --http-only

ExecStart=/usr/local/sbin/gsad --listen=0.0.0.0 --drop-privileges=gvm --port=443 --rport=80 -k /etc/gvm/server.key -c /etc/gvm/server.csr

Restart=always
TimeoutStopSec=10

[Install]
WantedBy=multi-user.target
Alias=greenbone-security-assistant.service

Your -c option is pointing to the .csr file. That is the certificate request and will not work. The Certificate file normally ends in .crt. Also make sure user gvm has read rights to the cert and key files.

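A pre-flight check for the two problems raised in this thread (a certificate request passed to -c, and key or certificate files the service user cannot read), as an added example that is not from the posters or the Greenbone project. The unit text is a shortened copy of the ExecStart line above, the file contents are constructed stubs, and treating bare DER as unusable input is an assumption.

```python
import re
import shlex

# PEM label -> kind of object stored in the file
PEM_KINDS = {"CERTIFICATE": "certificate", "CERTIFICATE REQUEST": "csr",
             "PRIVATE KEY": "private-key", "RSA PRIVATE KEY": "private-key",
             "EC PRIVATE KEY": "private-key"}

def classify(data):
    """Name what a key/cert file holds, from its PEM label or DER prefix."""
    m = re.search(rb"-----BEGIN ([A-Z0-9 ]+)-----", data)
    if m:
        return PEM_KINDS.get(m.group(1).decode(), "unknown-pem")
    return "der" if data[:1] == b"\x30" else "unknown"  # DER: assumed unusable as-is

def tls_paths(unit_text):
    """Return the -k/-c arguments of the active (uncommented) ExecStart line."""
    paths = {}
    for line in unit_text.splitlines():
        if line.strip().startswith("ExecStart="):
            argv = shlex.split(line.strip()[len("ExecStart="):])
            for flag in ("-k", "-c"):
                if flag in argv[:-1]:
                    paths[flag] = argv[argv.index(flag) + 1]
    return paths

def check(unit_text, read=lambda p: open(p, "rb").read()):
    """List mismatches between what gsad is given and what each flag needs."""
    problems = []
    paths = tls_paths(unit_text)
    for flag, want in (("-k", "private-key"), ("-c", "certificate")):
        path = paths.get(flag)
        try:
            kind = classify(read(path)) if path else "missing"
        except OSError as exc:  # includes permission denied for the calling user
            kind = f"unreadable ({exc.strerror})"
        if kind != want:
            problems.append(f"{flag} {path}: expected {want}, found {kind}")
    return problems

# Constructed sample: shortened ExecStart from the thread plus stub file contents
SAMPLE_UNIT = ("[Service]\n#ExecStart=/usr/local/sbin/gsad --http-only\n"
               "ExecStart=/usr/local/sbin/gsad --listen=0.0.0.0 --port=443 "
               "-k /etc/gvm/server.key -c /etc/gvm/server.csr\n")
SAMPLE_FILES = {"/etc/gvm/server.key": b"-----BEGIN PRIVATE KEY-----\n",
                "/etc/gvm/server.csr": b"-----BEGIN CERTIFICATE REQUEST-----\n"}

if __name__ == "__main__":
    print(check(SAMPLE_UNIT, SAMPLE_FILES.__getitem__))
```

Called with only the unit file's text, `check` reads the real files, so running it as the gvm user turns a permission problem into an "unreadable" finding.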

I generated a .cer from the .csr with the CA of the organization, and with

openssl x509 -inform DER -in certificate.cer -out certificate.crt

a .crt. I changed it in the settings, but the error persists.

I changed the permissions on the .crt and .key and the service is OK.

The external connection is not working, but the internal connection is.

ss -utlpn shows 0.0.0.0:443 OK.

I don’t understand “no working external connection”. Can you https://yourserverip ?

Your firewall has to allow the inbound connection.


I checked iptables and saw a PREROUTING rule to localhost redirecting port 443 to 9392. I deleted the rule and OpenVAS SSL is working.

Thanks for your help.
Greetings from Uruguay
