Certificate verification always fails for GMP Scanners

I am trying to install GSE 20.08 in a configuration where all instances have GSA installed and available, and there is one Master instance able to remote jobs onto all other instances.

The configuration for this seems to be undocumented for 20.08 specifically, there is “Master and slave architecture”, but this one is to use OpenVAS as a sensor, instead of another GVMd instance, which means that scans ordered by the Master will not show up in the web interface of the slaves.

I have tried to follow the instructions available at https://github.com/falkowich/gvm10-docker, however they only seem to result in one thing: the certificate is never trusted.

I cannot say why exactly, as gnutls, when given the cacert manually (both the one copied from the slave, and the one extracted from postgres after specifying the cacert with --modify-scanner), seems to agree that the certificate is valid:

root@b013400d2034:/tmp# gnutls-cli --x509cafile /data/certs/CA/slave-cacert.pem da9de6a09601 -p 9390
Processed 1 CA certificate(s).
Resolving 'da9de6a09601:9390'...
Connecting to '10.88.0.26:9390'...
- Certificate type: X.509
- Got a certificate list of 1 certificates.
- Certificate[0] info:
 - subject `C=DE,L=Osnabrueck,O=GVM Users,CN=da9de6a09601', issuer `C=DE,L=Osnabrueck,O=GVM Users,OU=Certificate Authority for da9de6a09601', serial 0x5c80618396fc05e8dae22e2c4f5ab32aac3583c1, RSA key 3072 bits, signed using RSA-SHA256, activated `2020-11-29 02:11:39 UTC', expires `2022-11-29 02:11:39 UTC', pin-sha256="yBEVjCWfjS28b8JfZRdUQyTdLPQOqZeUT5N4R3uFfdE="
        Public Key ID:
                sha1:9d9c3a574989162823fa010410ea27e226cd795b
                sha256:c811158c259f8d2dbc6fc25f6517544324dd2cf40ea997944f9378477b857dd1
        Public Key PIN:
                pin-sha256:yBEVjCWfjS28b8JfZRdUQyTdLPQOqZeUT5N4R3uFfdE=

- Status: The certificate is trusted.
- Successfully sent 0 certificate(s) to server.
- Description: (TLS1.2-X.509)-(ECDHE-SECP256R1)-(RSA-SHA256)-(AES-256-GCM)
- Session ID: B9:44:87:1A:03:56:A0:9C:9B:5A:D1:45:A4:50:4F:0B:5F:0C:30:48:DD:45:8C:09:2B:6E:C4:FA:72:26:38:89
- Options: extended master secret, safe renegotiation,
- Handshake was completed

However, GVM does not seem happy about the certificate. No matter how many combinations of certificate changes, shared root CAs, modified parameters, disabling TLS1.3, and everything in between, the output is always a “Certificate is not trusted.”

Output of --verify-scanner, with GNUTLS_DEBUG_LEVEL set to 9999 (Click to expand)
root@b013400d2034:/tmp# su -c "GNUTLS_DEBUG_LEVEL=9999 gvmd --verify-scanner=ce8b3f0d-14b3-4c19-99d9-91bed6fb0c8e" gvm
gnutls[2]: Enabled GnuTLS 3.6.13 logging...
gnutls[2]: getrandom random generator was detected
gnutls[2]: Intel SSSE3 was detected
gnutls[2]: Intel AES accelerator was detected
gnutls[2]: Intel GCM accelerator (AVX) was detected
gnutls[2]: cfg: unable to access: /etc/gnutls/config: 2
gnutls[5]: REC[0x55c6407f6fb0]: Allocating epoch #0
gnutls[2]: added 6 protocols, 29 ciphersuites, 19 sig algos and 10 groups into priority list
gnutls[5]: REC[0x55c6407f6fb0]: Allocating epoch #1
gnutls[4]: HSK[0x55c6407f6fb0]: Adv. version: 3.3
gnutls[2]: Keeping ciphersuite 13.02 (GNUTLS_AES_256_GCM_SHA384)
gnutls[2]: Keeping ciphersuite 13.03 (GNUTLS_CHACHA20_POLY1305_SHA256)
gnutls[2]: Keeping ciphersuite 13.01 (GNUTLS_AES_128_GCM_SHA256)
gnutls[2]: Keeping ciphersuite 13.04 (GNUTLS_AES_128_CCM_SHA256)
gnutls[2]: Keeping ciphersuite c0.2c (GNUTLS_ECDHE_ECDSA_AES_256_GCM_SHA384)
gnutls[2]: Keeping ciphersuite cc.a9 (GNUTLS_ECDHE_ECDSA_CHACHA20_POLY1305)
gnutls[2]: Keeping ciphersuite c0.ad (GNUTLS_ECDHE_ECDSA_AES_256_CCM)
gnutls[2]: Keeping ciphersuite c0.0a (GNUTLS_ECDHE_ECDSA_AES_256_CBC_SHA1)
gnutls[2]: Keeping ciphersuite c0.2b (GNUTLS_ECDHE_ECDSA_AES_128_GCM_SHA256)
gnutls[2]: Keeping ciphersuite c0.ac (GNUTLS_ECDHE_ECDSA_AES_128_CCM)
gnutls[2]: Keeping ciphersuite c0.09 (GNUTLS_ECDHE_ECDSA_AES_128_CBC_SHA1)
gnutls[2]: Keeping ciphersuite c0.30 (GNUTLS_ECDHE_RSA_AES_256_GCM_SHA384)
gnutls[2]: Keeping ciphersuite cc.a8 (GNUTLS_ECDHE_RSA_CHACHA20_POLY1305)
gnutls[2]: Keeping ciphersuite c0.14 (GNUTLS_ECDHE_RSA_AES_256_CBC_SHA1)
gnutls[2]: Keeping ciphersuite c0.2f (GNUTLS_ECDHE_RSA_AES_128_GCM_SHA256)
gnutls[2]: Keeping ciphersuite c0.13 (GNUTLS_ECDHE_RSA_AES_128_CBC_SHA1)
gnutls[2]: Keeping ciphersuite 00.9d (GNUTLS_RSA_AES_256_GCM_SHA384)
gnutls[2]: Keeping ciphersuite c0.9d (GNUTLS_RSA_AES_256_CCM)
gnutls[2]: Keeping ciphersuite 00.35 (GNUTLS_RSA_AES_256_CBC_SHA1)
gnutls[2]: Keeping ciphersuite 00.9c (GNUTLS_RSA_AES_128_GCM_SHA256)
gnutls[2]: Keeping ciphersuite c0.9c (GNUTLS_RSA_AES_128_CCM)
gnutls[2]: Keeping ciphersuite 00.2f (GNUTLS_RSA_AES_128_CBC_SHA1)
gnutls[2]: Keeping ciphersuite 00.9f (GNUTLS_DHE_RSA_AES_256_GCM_SHA384)
gnutls[2]: Keeping ciphersuite cc.aa (GNUTLS_DHE_RSA_CHACHA20_POLY1305)
gnutls[2]: Keeping ciphersuite c0.9f (GNUTLS_DHE_RSA_AES_256_CCM)
gnutls[2]: Keeping ciphersuite 00.39 (GNUTLS_DHE_RSA_AES_256_CBC_SHA1)
gnutls[2]: Keeping ciphersuite 00.9e (GNUTLS_DHE_RSA_AES_128_GCM_SHA256)
gnutls[2]: Keeping ciphersuite c0.9e (GNUTLS_DHE_RSA_AES_128_CCM)
gnutls[2]: Keeping ciphersuite 00.33 (GNUTLS_DHE_RSA_AES_128_CBC_SHA1)
gnutls[4]: EXT[0x55c6407f6fb0]: Preparing extension (OCSP Status Request/5) for 'client hello'
gnutls[4]: EXT[0x55c6407f6fb0]: Sending extension OCSP Status Request/5 (5 bytes)
gnutls[4]: EXT[0x55c6407f6fb0]: Preparing extension (Client Certificate Type/19) for 'client hello'
gnutls[4]: EXT[0x55c6407f6fb0]: Preparing extension (Server Certificate Type/20) for 'client hello'
gnutls[4]: EXT[0x55c6407f6fb0]: Preparing extension (Supported Groups/10) for 'client hello'
gnutls[4]: EXT[0x55c6407f6fb0]: Sent group SECP256R1 (0x17)
gnutls[4]: EXT[0x55c6407f6fb0]: Sent group SECP384R1 (0x18)
gnutls[4]: EXT[0x55c6407f6fb0]: Sent group SECP521R1 (0x19)
gnutls[4]: EXT[0x55c6407f6fb0]: Sent group X25519 (0x1d)
gnutls[4]: EXT[0x55c6407f6fb0]: Sent group X448 (0x1e)
gnutls[4]: EXT[0x55c6407f6fb0]: Sent group FFDHE2048 (0x100)
gnutls[4]: EXT[0x55c6407f6fb0]: Sent group FFDHE3072 (0x101)
gnutls[4]: EXT[0x55c6407f6fb0]: Sent group FFDHE4096 (0x102)
gnutls[4]: EXT[0x55c6407f6fb0]: Sent group FFDHE6144 (0x103)
gnutls[4]: EXT[0x55c6407f6fb0]: Sent group FFDHE8192 (0x104)
gnutls[4]: EXT[0x55c6407f6fb0]: Sending extension Supported Groups/10 (22 bytes)
gnutls[4]: EXT[0x55c6407f6fb0]: Preparing extension (Supported EC Point Formats/11) for 'client hello'
gnutls[4]: EXT[0x55c6407f6fb0]: Sending extension Supported EC Point Formats/11 (2 bytes)
gnutls[4]: EXT[0x55c6407f6fb0]: Preparing extension (SRP/12) for 'client hello'
gnutls[4]: EXT[0x55c6407f6fb0]: Preparing extension (Signature Algorithms/13) for 'client hello'
gnutls[4]: EXT[0x55c6407f6fb0]: sent signature algo (4.1) RSA-SHA256
gnutls[4]: EXT[0x55c6407f6fb0]: sent signature algo (8.9) RSA-PSS-SHA256
gnutls[4]: EXT[0x55c6407f6fb0]: sent signature algo (8.4) RSA-PSS-RSAE-SHA256
gnutls[4]: EXT[0x55c6407f6fb0]: sent signature algo (4.3) ECDSA-SHA256
gnutls[4]: EXT[0x55c6407f6fb0]: sent signature algo (8.7) EdDSA-Ed25519
gnutls[4]: EXT[0x55c6407f6fb0]: sent signature algo (5.1) RSA-SHA384
gnutls[4]: EXT[0x55c6407f6fb0]: sent signature algo (8.10) RSA-PSS-SHA384
gnutls[4]: EXT[0x55c6407f6fb0]: sent signature algo (8.5) RSA-PSS-RSAE-SHA384
gnutls[4]: EXT[0x55c6407f6fb0]: sent signature algo (5.3) ECDSA-SHA384
gnutls[4]: EXT[0x55c6407f6fb0]: sent signature algo (8.8) EdDSA-Ed448
gnutls[4]: EXT[0x55c6407f6fb0]: sent signature algo (6.1) RSA-SHA512
gnutls[4]: EXT[0x55c6407f6fb0]: sent signature algo (8.11) RSA-PSS-SHA512
gnutls[4]: EXT[0x55c6407f6fb0]: sent signature algo (8.6) RSA-PSS-RSAE-SHA512
gnutls[4]: EXT[0x55c6407f6fb0]: sent signature algo (6.3) ECDSA-SHA512
gnutls[4]: EXT[0x55c6407f6fb0]: sent signature algo (2.1) RSA-SHA1
gnutls[4]: EXT[0x55c6407f6fb0]: sent signature algo (2.3) ECDSA-SHA1
gnutls[4]: EXT[0x55c6407f6fb0]: Sending extension Signature Algorithms/13 (34 bytes)
gnutls[4]: EXT[0x55c6407f6fb0]: Preparing extension (SRTP/14) for 'client hello'
gnutls[4]: EXT[0x55c6407f6fb0]: Preparing extension (Heartbeat/15) for 'client hello'
gnutls[4]: EXT[0x55c6407f6fb0]: Preparing extension (ALPN/16) for 'client hello'
gnutls[4]: EXT[0x55c6407f6fb0]: Preparing extension (Encrypt-then-MAC/22) for 'client hello'
gnutls[4]: EXT[0x55c6407f6fb0]: Sending extension Encrypt-then-MAC/22 (0 bytes)
gnutls[4]: EXT[0x55c6407f6fb0]: Preparing extension (Extended Master Secret/23) for 'client hello'
gnutls[4]: EXT[0x55c6407f6fb0]: Sending extension Extended Master Secret/23 (0 bytes)
gnutls[4]: EXT[0x55c6407f6fb0]: Preparing extension (Session Ticket/35) for 'client hello'
gnutls[4]: EXT[0x55c6407f6fb0]: Sending extension Session Ticket/35 (0 bytes)
gnutls[4]: EXT[0x55c6407f6fb0]: Preparing extension (Key Share/51) for 'client hello'
gnutls[4]: EXT[0x55c6407f6fb0]: sending key share for SECP256R1
gnutls[4]: EXT[0x55c6407f6fb0]: sending key share for X25519
gnutls[4]: EXT[0x55c6407f6fb0]: Sending extension Key Share/51 (107 bytes)
gnutls[4]: EXT[0x55c6407f6fb0]: Preparing extension (Supported Versions/43) for 'client hello'
gnutls[2]: Advertizing version 3.4
gnutls[2]: Advertizing version 3.3
gnutls[2]: Advertizing version 3.2
gnutls[2]: Advertizing version 3.1
gnutls[4]: EXT[0x55c6407f6fb0]: Sending extension Supported Versions/43 (9 bytes)
gnutls[4]: EXT[0x55c6407f6fb0]: Preparing extension (Post Handshake Auth/49) for 'client hello'
gnutls[4]: EXT[0x55c6407f6fb0]: Preparing extension (Safe Renegotiation/65281) for 'client hello'
gnutls[4]: EXT[0x55c6407f6fb0]: Sending extension Safe Renegotiation/65281 (1 bytes)
gnutls[4]: EXT[0x55c6407f6fb0]: Preparing extension (Server Name Indication/0) for 'client hello'
gnutls[4]: EXT[0x55c6407f6fb0]: Preparing extension (Cookie/44) for 'client hello'
gnutls[4]: EXT[0x55c6407f6fb0]: Preparing extension (Early Data/42) for 'client hello'
gnutls[4]: EXT[0x55c6407f6fb0]: Preparing extension (PSK Key Exchange Modes/45) for 'client hello'
gnutls[4]: EXT[0x55c6407f6fb0]: Sending extension PSK Key Exchange Modes/45 (3 bytes)
gnutls[4]: EXT[0x55c6407f6fb0]: Preparing extension (Record Size Limit/28) for 'client hello'
gnutls[4]: EXT[0x55c6407f6fb0]: Sending extension Record Size Limit/28 (2 bytes)
gnutls[4]: EXT[0x55c6407f6fb0]: Preparing extension (Maximum Record Size/1) for 'client hello'
gnutls[4]: EXT[0x55c6407f6fb0]: Preparing extension (ClientHello Padding/21) for 'client hello'
gnutls[4]: EXT[0x55c6407f6fb0]: Preparing extension (Pre Shared Key/41) for 'client hello'
gnutls[4]: HSK[0x55c6407f6fb0]: CLIENT HELLO was queued [336 bytes]
gnutls[11]: HWRITE: enqueued [CLIENT HELLO] 336. Total 336 bytes.
gnutls[11]: HWRITE FLUSH: 336 bytes in buffer.
gnutls[5]: REC[0x55c6407f6fb0]: Preparing Packet Handshake(22) with length: 336 and min pad: 0
gnutls[9]: ENC[0x55c6407f6fb0]: cipher: NULL, MAC: MAC-NULL, Epoch: 0
gnutls[11]: WRITE: enqueued 341 bytes for 0x7. Total 341 bytes.
gnutls[5]: REC[0x55c6407f6fb0]: Sent Packet[1] Handshake(22) in epoch 0 and length: 341
gnutls[11]: HWRITE: wrote 1 bytes, 0 bytes left.
gnutls[11]: WRITE FLUSH: 341 bytes in buffer.
gnutls[11]: WRITE: wrote 341 bytes, 0 bytes left.
gnutls[3]: ASSERT: ../../lib/buffers.c[get_last_packet]:1168
gnutls[10]: READ: Got 5 bytes from 0x7
gnutls[10]: READ: read 5 bytes from 0x7
gnutls[10]: RB: Have 0 bytes into buffer. Adding 5 bytes.
gnutls[10]: RB: Requested 5 bytes
gnutls[5]: REC[0x55c6407f6fb0]: SSL 3.3 Handshake packet received. Epoch 0, length: 97
gnutls[5]: REC[0x55c6407f6fb0]: Expected Packet Handshake(22)
gnutls[5]: REC[0x55c6407f6fb0]: Received Packet Handshake(22) with length: 97
gnutls[10]: READ: Got 97 bytes from 0x7
gnutls[10]: READ: read 97 bytes from 0x7
gnutls[10]: RB: Have 5 bytes into buffer. Adding 97 bytes.
gnutls[10]: RB: Requested 102 bytes
gnutls[5]: REC[0x55c6407f6fb0]: Decrypted Packet[0] Handshake(22) with length: 97
gnutls[13]: BUF[REC]: Inserted 97 bytes of Data(22)
gnutls[4]: HSK[0x55c6407f6fb0]: SERVER HELLO (2) was received. Length 93[93], frag offset 0, frag length: 93, sequence: 0
gnutls[3]: ASSERT: ../../lib/buffers.c[get_last_packet]:1159
gnutls[3]: ASSERT: ../../lib/buffers.c[_gnutls_handshake_io_recv_int]:1411
gnutls[4]: HSK[0x55c6407f6fb0]: Server's version: 3.3
gnutls[4]: HSK[0x55c6407f6fb0]: SessionID length: 32
gnutls[4]: HSK[0x55c6407f6fb0]: SessionID: 8304d983cfe39417a89e41decc3fdbdf123b574a398ecd5eddc20a721c7dbff8
gnutls[4]: HSK[0x55c6407f6fb0]: Selected cipher suite: GNUTLS_ECDHE_RSA_AES_256_GCM_SHA384
gnutls[4]: EXT[0x55c6407f6fb0]: Parsing extension 'Extended Master Secret/23' (0 bytes)
gnutls[4]: EXT[0x55c6407f6fb0]: Parsing extension 'Safe Renegotiation/65281' (1 bytes)
gnutls[4]: EXT[0x55c6407f6fb0]: Parsing extension 'Record Size Limit/28' (2 bytes)
gnutls[4]: EXT[0x55c6407f6fb0]: record_size_limit 16384 negotiated
gnutls[4]: EXT[0x55c6407f6fb0]: Parsing extension 'Supported EC Point Formats/11' (2 bytes)
gnutls[4]: HSK[0x55c6407f6fb0]: Safe renegotiation succeeded
gnutls[3]: ASSERT: ../../lib/buffers.c[get_last_packet]:1168
gnutls[10]: READ: Got 5 bytes from 0x7
gnutls[10]: READ: read 5 bytes from 0x7
gnutls[10]: RB: Have 0 bytes into buffer. Adding 5 bytes.
gnutls[10]: RB: Requested 5 bytes
gnutls[5]: REC[0x55c6407f6fb0]: SSL 3.3 Handshake packet received. Epoch 0, length: 1222
gnutls[5]: REC[0x55c6407f6fb0]: Expected Packet Handshake(22)
gnutls[5]: REC[0x55c6407f6fb0]: Received Packet Handshake(22) with length: 1222
gnutls[10]: READ: Got 1222 bytes from 0x7
gnutls[10]: READ: read 1222 bytes from 0x7
gnutls[10]: RB: Have 5 bytes into buffer. Adding 1222 bytes.
gnutls[10]: RB: Requested 1227 bytes
gnutls[5]: REC[0x55c6407f6fb0]: Decrypted Packet[1] Handshake(22) with length: 1222
gnutls[13]: BUF[REC]: Inserted 1222 bytes of Data(22)
gnutls[4]: HSK[0x55c6407f6fb0]: CERTIFICATE (11) was received. Length 1218[1218], frag offset 0, frag length: 1218, sequence: 0
gnutls[3]: ASSERT: ../../lib/buffers.c[get_last_packet]:1168
gnutls[10]: READ: Got 5 bytes from 0x7
gnutls[10]: READ: read 5 bytes from 0x7
gnutls[10]: RB: Have 0 bytes into buffer. Adding 5 bytes.
gnutls[10]: RB: Requested 5 bytes
gnutls[5]: REC[0x55c6407f6fb0]: SSL 3.3 Handshake packet received. Epoch 0, length: 461
gnutls[5]: REC[0x55c6407f6fb0]: Expected Packet Handshake(22)
gnutls[5]: REC[0x55c6407f6fb0]: Received Packet Handshake(22) with length: 461
gnutls[10]: READ: Got 461 bytes from 0x7
gnutls[10]: READ: read 461 bytes from 0x7
gnutls[10]: RB: Have 5 bytes into buffer. Adding 461 bytes.
gnutls[10]: RB: Requested 466 bytes
gnutls[5]: REC[0x55c6407f6fb0]: Decrypted Packet[2] Handshake(22) with length: 461
gnutls[13]: BUF[REC]: Inserted 461 bytes of Data(22)
gnutls[4]: HSK[0x55c6407f6fb0]: SERVER KEY EXCHANGE (12) was received. Length 457[457], frag offset 0, frag length: 457, sequence: 0
gnutls[2]: received curve SECP256R1
gnutls[4]: HSK[0x55c6407f6fb0]: Selected group SECP256R1 (2)
gnutls[4]: HSK[0x55c6407f6fb0]: verify TLS 1.2 handshake data: using RSA-SHA256
gnutls[3]: ASSERT: ../../lib/buffers.c[get_last_packet]:1168
gnutls[10]: READ: Got 5 bytes from 0x7
gnutls[10]: READ: read 5 bytes from 0x7
gnutls[10]: RB: Have 0 bytes into buffer. Adding 5 bytes.
gnutls[10]: RB: Requested 5 bytes
gnutls[5]: REC[0x55c6407f6fb0]: SSL 3.3 Handshake packet received. Epoch 0, length: 151
gnutls[5]: REC[0x55c6407f6fb0]: Expected Packet Handshake(22)
gnutls[5]: REC[0x55c6407f6fb0]: Received Packet Handshake(22) with length: 151
gnutls[10]: READ: Got 151 bytes from 0x7
gnutls[10]: READ: read 151 bytes from 0x7
gnutls[10]: RB: Have 5 bytes into buffer. Adding 151 bytes.
gnutls[10]: RB: Requested 156 bytes
gnutls[5]: REC[0x55c6407f6fb0]: Decrypted Packet[3] Handshake(22) with length: 151
gnutls[13]: BUF[REC]: Inserted 151 bytes of Data(22)
gnutls[4]: HSK[0x55c6407f6fb0]: CERTIFICATE REQUEST (13) was received. Length 147[147], frag offset 0, frag length: 147, sequence: 0
gnutls[4]: EXT[0x55c6407f6fb0]: rcvd signature algo (4.1) RSA-SHA256
gnutls[4]: EXT[0x55c6407f6fb0]: rcvd signature algo (8.9) RSA-PSS-SHA256
gnutls[4]: EXT[0x55c6407f6fb0]: rcvd signature algo (8.4) RSA-PSS-RSAE-SHA256
gnutls[4]: EXT[0x55c6407f6fb0]: rcvd signature algo (4.3) ECDSA-SHA256
gnutls[4]: EXT[0x55c6407f6fb0]: rcvd signature algo (8.7) EdDSA-Ed25519
gnutls[4]: EXT[0x55c6407f6fb0]: rcvd signature algo (5.1) RSA-SHA384
gnutls[4]: EXT[0x55c6407f6fb0]: rcvd signature algo (8.10) RSA-PSS-SHA384
gnutls[4]: EXT[0x55c6407f6fb0]: rcvd signature algo (8.5) RSA-PSS-RSAE-SHA384
gnutls[4]: EXT[0x55c6407f6fb0]: rcvd signature algo (5.3) ECDSA-SHA384
gnutls[4]: EXT[0x55c6407f6fb0]: rcvd signature algo (8.8) EdDSA-Ed448
gnutls[4]: EXT[0x55c6407f6fb0]: rcvd signature algo (6.1) RSA-SHA512
gnutls[4]: EXT[0x55c6407f6fb0]: rcvd signature algo (8.11) RSA-PSS-SHA512
gnutls[4]: EXT[0x55c6407f6fb0]: rcvd signature algo (8.6) RSA-PSS-RSAE-SHA512
gnutls[4]: EXT[0x55c6407f6fb0]: rcvd signature algo (6.3) ECDSA-SHA512
gnutls[4]: EXT[0x55c6407f6fb0]: rcvd signature algo (2.1) RSA-SHA1
gnutls[4]: EXT[0x55c6407f6fb0]: rcvd signature algo (2.3) ECDSA-SHA1
gnutls[3]: Peer requested CA: C=DE,L=Osnabrueck,O=GVM Users,OU=Certificate Authority for da9de6a09601
gnutls[3]: ASSERT: ../../../lib/auth/cert.c[find_x509_client_cert]:215
gnutls[3]: ASSERT: ../../lib/buffers.c[get_last_packet]:1168
gnutls[10]: READ: Got 5 bytes from 0x7
gnutls[10]: READ: read 5 bytes from 0x7
gnutls[10]: RB: Have 0 bytes into buffer. Adding 5 bytes.
gnutls[10]: RB: Requested 5 bytes
gnutls[5]: REC[0x55c6407f6fb0]: SSL 3.3 Handshake packet received. Epoch 0, length: 4
gnutls[5]: REC[0x55c6407f6fb0]: Expected Packet Handshake(22)
gnutls[5]: REC[0x55c6407f6fb0]: Received Packet Handshake(22) with length: 4
gnutls[10]: READ: Got 4 bytes from 0x7
gnutls[10]: READ: read 4 bytes from 0x7
gnutls[10]: RB: Have 5 bytes into buffer. Adding 4 bytes.
gnutls[10]: RB: Requested 9 bytes
gnutls[5]: REC[0x55c6407f6fb0]: Decrypted Packet[4] Handshake(22) with length: 4
gnutls[13]: BUF[REC]: Inserted 4 bytes of Data(22)
gnutls[4]: HSK[0x55c6407f6fb0]: SERVER HELLO DONE (14) was received. Length 0[0], frag offset 0, frag length: 0, sequence: 0
gnutls[4]: HSK[0x55c6407f6fb0]: CERTIFICATE was queued [7 bytes]
gnutls[11]: HWRITE: enqueued [CERTIFICATE] 7. Total 7 bytes.
gnutls[4]: HSK[0x55c6407f6fb0]: CLIENT KEY EXCHANGE was queued [70 bytes]
gnutls[11]: HWRITE: enqueued [CLIENT KEY EXCHANGE] 70. Total 77 bytes.
gnutls[11]: HWRITE: enqueued [CHANGE CIPHER SPEC] 1. Total 78 bytes.
gnutls[4]: REC[0x55c6407f6fb0]: Sent ChangeCipherSpec
gnutls[9]: INT: PREMASTER SECRET[32]: 9aae1f52ce1f831d47c858fb573d8984a92d7a6999f7d84ac50de1abc3c7d99e
gnutls[9]: INT: CLIENT RANDOM[32]: c73b5998bc3af19a6dec82f88ef6c0aaafbf37c67a6eceb8c090c39d791d3c02
gnutls[9]: INT: SERVER RANDOM[32]: bd1b36c2fa91b2c630cef7e6dde705474736a66ea7ba14e40cf8e81619487744
gnutls[9]: INT: MASTER SECRET[48]: 06149d224fcc6c1239574bf2651b91233b8282779f378cddda00ec9f5b779a11b46fe6986354399ea13d323cd29ac73e
gnutls[5]: REC[0x55c6407f6fb0]: Initializing epoch #1
gnutls[9]: INT: KEY BLOCK[72]: 0372bc92c883005fcf2120e94d1ddb525e74e442085364be6aadba78f1ca351e1ce4ea3a357278d3325c6c0fb399370f3e7760864a75de8c12de21c8f69849c532c0c7bc76e22aeb
gnutls[9]: INT: CLIENT WRITE KEY [32]: 0372bc92c883005fcf2120e94d1ddb525e74e442085364be6aadba78f1ca351e
gnutls[9]: INT: SERVER WRITE KEY [32]: 1ce4ea3a357278d3325c6c0fb399370f3e7760864a75de8c12de21c8f69849c5
gnutls[9]: INT: CLIENT WRITE IV [4]: 32c0c7bc
gnutls[9]: INT: SERVER WRITE IV [4]: 76e22aeb
gnutls[5]: REC[0x55c6407f6fb0]: Epoch #1 ready
gnutls[4]: HSK[0x55c6407f6fb0]: Cipher Suite: GNUTLS_ECDHE_RSA_AES_256_GCM_SHA384
gnutls[4]: HSK[0x55c6407f6fb0]: Initializing internal [write] cipher sessions
gnutls[4]: HSK[0x55c6407f6fb0]: recording tls-unique CB (send)
gnutls[4]: HSK[0x55c6407f6fb0]: FINISHED was queued [16 bytes]
gnutls[11]: HWRITE: enqueued [FINISHED] 16. Total 94 bytes.
gnutls[11]: HWRITE FLUSH: 94 bytes in buffer.
gnutls[5]: REC[0x55c6407f6fb0]: Preparing Packet Handshake(22) with length: 7 and min pad: 0
gnutls[9]: ENC[0x55c6407f6fb0]: cipher: NULL, MAC: MAC-NULL, Epoch: 0
gnutls[11]: WRITE: enqueued 12 bytes for 0x7. Total 12 bytes.
gnutls[5]: REC[0x55c6407f6fb0]: Sent Packet[2] Handshake(22) in epoch 0 and length: 12
gnutls[11]: HWRITE: wrote 1 bytes, 87 bytes left.
gnutls[5]: REC[0x55c6407f6fb0]: Preparing Packet Handshake(22) with length: 70 and min pad: 0
gnutls[9]: ENC[0x55c6407f6fb0]: cipher: NULL, MAC: MAC-NULL, Epoch: 0
gnutls[11]: WRITE: enqueued 75 bytes for 0x7. Total 87 bytes.
gnutls[5]: REC[0x55c6407f6fb0]: Sent Packet[3] Handshake(22) in epoch 0 and length: 75
gnutls[11]: HWRITE: wrote 1 bytes, 17 bytes left.
gnutls[5]: REC[0x55c6407f6fb0]: Preparing Packet ChangeCipherSpec(20) with length: 1 and min pad: 0
gnutls[9]: ENC[0x55c6407f6fb0]: cipher: NULL, MAC: MAC-NULL, Epoch: 0
gnutls[11]: WRITE: enqueued 6 bytes for 0x7. Total 93 bytes.
gnutls[5]: REC[0x55c6407f6fb0]: Sent Packet[4] ChangeCipherSpec(20) in epoch 0 and length: 6
gnutls[11]: HWRITE: wrote 1 bytes, 16 bytes left.
gnutls[5]: REC[0x55c6407f6fb0]: Preparing Packet Handshake(22) with length: 16 and min pad: 0
gnutls[9]: ENC[0x55c6407f6fb0]: cipher: AES-256-GCM, MAC: AEAD, Epoch: 1
gnutls[11]: WRITE: enqueued 45 bytes for 0x7. Total 138 bytes.
gnutls[5]: REC[0x55c6407f6fb0]: Sent Packet[1] Handshake(22) in epoch 1 and length: 45
gnutls[11]: HWRITE: wrote 1 bytes, 0 bytes left.
gnutls[11]: WRITE FLUSH: 138 bytes in buffer.
gnutls[11]: WRITE: wrote 138 bytes, 0 bytes left.
gnutls[10]: READ: Got 5 bytes from 0x7
gnutls[10]: READ: read 5 bytes from 0x7
gnutls[10]: RB: Have 0 bytes into buffer. Adding 5 bytes.
gnutls[10]: RB: Requested 5 bytes
gnutls[5]: REC[0x55c6407f6fb0]: SSL 3.3 ChangeCipherSpec packet received. Epoch 0, length: 1
gnutls[5]: REC[0x55c6407f6fb0]: Expected Packet ChangeCipherSpec(20)
gnutls[5]: REC[0x55c6407f6fb0]: Received Packet ChangeCipherSpec(20) with length: 1
gnutls[10]: READ: Got 1 bytes from 0x7
gnutls[10]: READ: read 1 bytes from 0x7
gnutls[10]: RB: Have 5 bytes into buffer. Adding 1 bytes.
gnutls[10]: RB: Requested 6 bytes
gnutls[5]: REC[0x55c6407f6fb0]: Decrypted Packet[5] ChangeCipherSpec(20) with length: 1
gnutls[13]: BUF[REC]: Inserted 1 bytes of Data(20)
gnutls[4]: HSK[0x55c6407f6fb0]: Cipher Suite: GNUTLS_ECDHE_RSA_AES_256_GCM_SHA384
gnutls[3]: ASSERT: ../../lib/buffers.c[get_last_packet]:1168
gnutls[10]: READ: Got 5 bytes from 0x7
gnutls[10]: READ: read 5 bytes from 0x7
gnutls[10]: RB: Have 0 bytes into buffer. Adding 5 bytes.
gnutls[10]: RB: Requested 5 bytes
gnutls[5]: REC[0x55c6407f6fb0]: SSL 3.3 Handshake packet received. Epoch 1, length: 40
gnutls[5]: REC[0x55c6407f6fb0]: Expected Packet Handshake(22)
gnutls[5]: REC[0x55c6407f6fb0]: Received Packet Handshake(22) with length: 40
gnutls[10]: READ: Got 40 bytes from 0x7
gnutls[10]: READ: read 40 bytes from 0x7
gnutls[10]: RB: Have 5 bytes into buffer. Adding 40 bytes.
gnutls[10]: RB: Requested 45 bytes
gnutls[5]: REC[0x55c6407f6fb0]: Decrypted Packet[0] Handshake(22) with length: 16
gnutls[13]: BUF[REC]: Inserted 16 bytes of Data(22)
gnutls[4]: HSK[0x55c6407f6fb0]: FINISHED (20) was received. Length 12[12], frag offset 0, frag length: 12, sequence: 0
gnutls[13]: BUF[HSK]: Emptied buffer
gnutls[13]: BUF[HSK]: Emptied buffer
gnutls[5]: REC[0x55c6407f6fb0]: Start of epoch cleanup
gnutls[5]: REC[0x55c6407f6fb0]: Epoch #0 freed
gnutls[5]: REC[0x55c6407f6fb0]: End of epoch cleanup
gnutls[3]: ASSERT: ../../lib/ocsp-api.c[gnutls_ocsp_status_request_get2]:98
gnutls[3]: ASSERT: ../../../lib/x509/verify.c[verify_crt]:678
gnutls[3]: ASSERT: ../../../lib/x509/verify.c[verify_crt]:830
gnutls[3]: ASSERT: ../../../lib/x509/verify.c[_gnutls_verify_crt_status]:1022
gnutls[2]: issuer in verification was not found or insecure; trying against trust list
gnutls[3]: ASSERT: ../../../lib/x509/verify.c[verify_crt]:678
gnutls[3]: ASSERT: ../../../lib/x509/verify.c[verify_crt]:830
gnutls[3]: ASSERT: ../../../lib/x509/verify.c[_gnutls_verify_crt_status]:1022
gnutls[3]: ASSERT: ../../../lib/x509/verify-high.c[gnutls_x509_trust_list_verify_crt2]:1366
Failed to verify scanner.

Is there something I’m missing, or is my approach just straight up invalid?

I tried using OpenVAS as the scanner, however the scans and results do not show up in the slave GSA.

Thanks.

GVM Version details (Click to expand)

gsad:

Greenbone Security Assistant 20.08.0

gvmd:

Greenbone Vulnerability Manager 20.08.0
Manager DB revision 233
Copyright (C) 2010-2020 Greenbone Networks GmbH
License: AGPL-3.0-or-later
This is free software: you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law.

openvas-scanner:

OpenVAS 20.8.0
gvm-libs 20.8.0
Most new code since 2005: (C) 2020 Greenbone Networks GmbH
Nessus origin: (C) 2004 Renaud Deraison <deraison@nessus.org>
License GPLv2: GNU GPL version 2
This is free software: you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law.

gvm-libs: gvm-libs 20.8.0

Environment

Operating system:
Kernel:
Linux b013400d2034 4.19.128-microsoft-standard #1 SMP Tue Jun 23 12:58:10 UTC 2020 x86_64 x86_64 x86_64 GNU/Linux
(Podman in WSL Ubuntu)
Installation method / source:
Podman install of securecompliance/gvm