I set up the latest 20.08 release and want to put my own key and certificate with:
Oops, secure memory pool already initialized
I found out it's just a warning and I can simply ignore it. However, I started my gsad service again, but I could not see any changes.
In /etc/default there's a file gsad which seems familiar for my use.
There I tried things like
But it did not work.
How can I solve it?
Ah, of course I did gsad --ssl-certificate=... too.
gsad --ssl-private-key=/path/ssl/private.pem was an example only.
I tried several service files and several terms like GSA_SSL…, GSAD_SSL…, but nothing seems to work.
Has anyone an idea in which directory/file I have to look?
This is my startup script:
Description=Greenbone Security Assistant (gsad)
ExecStart=/opt/gvm/sbin/gsad --drop-privileges=gvm -p 443 -k /opt/gvm/var/lib/gvm/private/CA/private.pem -c /opt/gvm/var/lib/gvm/private/CA/certificate.pem
Should it work this way?
But I am still getting a warning on https.
Your path is not system-standard; I would configure your system to be more FHS compliant. Why are you storing the public and private key within a private directory?
I do not know your permission model, but it might be broken that way.
To be honest, I only tried this directory because I was running out of options and saw something similar here
Port 443 (https) is a privileged port; it can only be bound with root privileges. That’s the reason why you should run gsad via systemd. The process is then started as root to open the privileged port, and then drops its privileges to the normal user. Assuming the user gsad should run as is gvmd, you must have a gsad.service system file in your /etc/systemd/system directory.
The gsad.service should contain this:
Description=Job that runs the gsa daemon
I had my key and my certificate in
I got the files under /opt/gvm/sbin/.. and changed it in my startup-scripts.
It still doesn't work. I don't understand why my certificate is not accepted. Is there something I forgot?
By the way, is it enough to restart the gsad.service? I did not reboot the server yet.
I'm not a fan of rebooting. Did it, and it works just fine, no https warning.
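
A check for the situation discussed in this thread, added here as an example and not taken from any post or from the Greenbone project: it reads the key and certificate paths from a gsad unit file, confirms the two belong together, and compares the certificate on disk with the one the running service actually presents. The function names and localhost:443 are assumptions; the `-k`/`-c` and `--ssl-private-key`/`--ssl-certificate` options and the unit file location are the ones quoted above.

```sh
#!/bin/sh
# Added example. Function names and localhost:443 are assumptions; the gsad
# options parsed here are the ones quoted in the thread.

# Print "<key> <cert>" from the first ExecStart= line of a gsad unit file.
gsad_tls_paths() (
    cmdline=$(sed -n 's/^ExecStart=//p' "$1" | head -n 1)
    key="" cert="" prev=""
    set -f    # no globbing while the command line is split into words
    for word in $cmdline; do
        case "$prev" in
            -k|--ssl-private-key) key=$word ;;
            -c|--ssl-certificate) cert=$word ;;
        esac
        case "$word" in
            --ssl-private-key=*) key=${word#*=} ;;
            --ssl-certificate=*) cert=${word#*=} ;;
        esac
        prev=$word
    done
    [ -n "$key" ] && [ -n "$cert" ] || exit 1
    printf '%s %s\n' "$key" "$cert"
)

# Succeed only if the private key belongs to the certificate (same public key).
tls_pair_matches() {
    cert_pub=$(openssl x509 -in "$1" -noout -pubkey) || return 2
    key_pub=$(openssl pkey -in "$2" -pubout) || return 2
    [ "$cert_pub" = "$key_pub" ]
}

# Succeed only if the service at host:port presents the certificate on disk.
served_cert_matches() {
    served=$(openssl s_client -connect "$1" </dev/null 2>/dev/null |
             openssl x509 -noout -fingerprint -sha256) || return 2
    on_disk=$(openssl x509 -in "$2" -noout -fingerprint -sha256) || return 2
    [ "$served" = "$on_disk" ]
}

# Usage (as root, after `systemctl daemon-reload` and a restart of gsad):
#   set -- $(gsad_tls_paths /etc/systemd/system/gsad.service)
#   tls_pair_matches "$2" "$1" && served_cert_matches localhost:443 "$2"
```

If the pair matches but the served certificate differs, the running gsad process was started with other options than the unit file on disk now contains.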