Hi all,
Recently I’ve been trying to enable SSL certificates on my GVM instance, I generated OpenSSL private key. Next I got a certificate via Active Directory Cert Services and converted it to a pem file.
Then I put the files in the following folders:
/etc/pki/tls/private/privatekey.pem
/etc/pki/tls/cert/cert.pem
And used the following config in the file: “/etc/systemd/system/greenbone-security-assistant.service”:
[Unit]
Description=Greenbone Security Assistant (gsad)
Documentation=man:gsad(8) https://www.greenbone.net
After=network.target
Wants=gvmd.service
[Service]
Type=forking
PIDFile=/var/run/gvm/gsad.pid
WorkingDirectory=/opt/gvm
ExecStart=/usr/sbin/gsad --drop-privileges=gvm -p 443 -k /etc/pki/tls/private/privatekey.pem -c /etc/pki/tls/cert/cert.pem
Restart=on-failure
RestartSec=2min
KillMode=process
KillSignal=SIGINT
GuessMainPID=no
PrivateTmp=true
[Install]
WantedBy=multi-user.target
Though this config breaks my entire system; After a reboot I’m not able to log in and have the following error:
Hang when boot- [sda] Assuming drive cache: write through
Anyone here who knows what causes this to happen, or what would be the solution to make ssl work?
EDIT: I did also use the following commands:
gsad --ssl-private-key=/etc/pki/tls/private/privatekey.pem
gsad --ssl-certificate=/etc/pki/tls/cert/cert.pem
ps: I was already able to revert my changes, so no data got lost.
Kind regards,
Miro
GVM versions
gsad: 21.4.3 (‘gsad --version’)
gvmd: 21.4.4 (‘gvmd --version’)
openvas-scanner: 21.4.3 (‘openvas --version’, in older GVM versions < 11: ‘openvassd --version’)
gvm-libs: 21.4.3
Environment
Operating system: Red Hat Enterprise Linux 8.5
Kernel: 4.18.0-348.20.1.el8_5.x86_64
Installation method / source: How to install OpenVAS on Red Hat Linux (ceos3c.com)