1OPENVASU-sMeArNAmGaEn-uCaElRTfSo(r1)the Open Vulnerability AssessmentOSPyEsNtVeAmS-(MOApNeAnGVEA-SC)ERTS(1)
2
3
4

NAME

6       openvas-manage-certs - manage certificate infrastructure for an OpenVAS
7       installation
8

SYNOPSIS

10       openvas-manage-certs [OPTION]...
11

DESCRIPTION

13       openvas-manage-certs manages  the  certificate  infrastructure  for  an
14       OpenVAS  installation.   The certificate infrastructure enables OpenVAS
15       daemons to communicate in a secure manner and is used  for  authentica‐
16       tion  and authorization before establishing TLS connections between the
17       daemons.
18
19       The  OpenVAS  certificate  infrastructure  consists  of  a  certificate
20       authority  (CA)  which  is  trusted by all OpenVAS daemons.  This CA is
21       then used to sign certificates used by the various daemons.   The  cer‐
22       tificates can be divided into two use cases:
23
24       ·  Server certificates, primarily used for authentication
25
26       ·  Client certificates, primarily used for authorization
27
28       openvas-manage-certs  can  perform  an  automatic creation of a default
29       certificate infrastructure for a standard OpenVAS installation.  It can
30       also  verify an existing infrastructure and perform various certificate
31       related tasks to support the setup of a more complex infrastructure.
32

OPTIONS

34   Certificate infrastructure management
35       -a     Automatically set up default infrastructure for OpenVAS
36
37       -V     Verify existing OpenVAS certificate infrastructure
38
39       -C     Create a certificate authority (CA)
40
41       -R     Create a certificate request for a CA
42
43       -r     Create a certificate request for a CA and sign it
44
45       -C     Create a certificate authority (CA)
46
47       -I     Install a CA certificate
48
49       -c     Create a certificate request and sign it
50
51       -i     Install a certificate
52
53       -S     Sign a certificate request
54
55       -f     Force overwriting of existing files
56
57   Certificate options
58       -E     Create a server certificate.   This  sets  the  appropriate  key
59              usage constraints for a server certificate.
60
61       -L     Create  a  client  certificate.   This  sets the appropriate key
62              usage constraints for a client certificate.
63
64       -A     Skip  CA  generation  in  automatic  mode.   This  automatically
65              (re-)generates  server and client certificates, but keeps the CA
66              certificate.
67
68   Configuration
69       -e file Read configuration  from  file  (see  below  for  configuration
70       details)
71
72   Output control
73       -d     Print debug output
74
75       -v     Print verbose messages
76
77       -q     Be quiet, only print error messages
78
79   Other options
80       -h     Print help
81

EXIT STATUS

83       0      The requested operation was successfully performed.
84
85       1      An  error  occurred,  the  requested operation could not be per‐
86              formed.
87

ENVIRONMENT

89       All certificate generation options can be set either through  the  con‐
90       figuration file or through environment variables like the following:
91
92       OPENVAS_CERTIFICATE_LIFETIME
93              Days until the certificate will expire
94
95       OPENVAS_CERTIFICATE_HOSTNAME
96              Name to use for the certificate
97
98       OPENVAS_CERTIFICATE_SIGNALG
99              Hash algorithm to use for signing
100
101       OPENVAS_CERTIFICATE_KEYSIZE
102              Size in bits of the generated key
103
104       OPENVAS_CERTIFICATE_SECPARAM
105              GnuTLS security level [low|medium|high|ultra]
106
107       OPENVAS_CERT_DIR
108              Directory  where keys and certificates are stored before instal‐
109              lation
110
111       OPENVAS_CERT_PREFIX
112              Prefix for certificate filename (e.g. "server")
113
114       For a complete list of options, please refer to the example  configura‐
115       tion file included in the documentation.
116

SEE ALSO

118       openvassd(8), openvasmd(8), gsad(8)
119
120
121
122The OpenVAS Project               2015-09-21           OPENVAS-MANAGE-CERTS(1)
Impressum