Discussion:
the certificate has expired
(too old to reply)
mlist
2016-05-31 15:45:01 UTC
Permalink
We downloaded and deployed openVAS appliance but when we run a Task, we get on the web interface:

peration: Start Task
Status code: 503
Status message: Service temporarily down

and on the openvasmd.log file:

lib auth: INFO:2016-05-31 15h10.42 utc:623: Authentication configuration not found.
lib serv:WARNING:2016-05-31 15h11.50 UTC:792: openvas_server_verify: the certificate is not trusted
lib serv:WARNING:2016-05-31 15h11.50 UTC:792: openvas_server_verify: the certificate has expired
event task:MESSAGE:2016-05-31 15h11.50 UTC:792: Task 8dd4abc7-074a-48a4-b6bc-4b707678427c could not be started by admin


Executing openvas-check-setup we get "It seems like your OpenVAS-8 installation is OK."

Can someone provides process to correct this error so we can run a task successfully ?

Roberto
W Scott Lockwood III
2016-05-31 16:02:47 UTC
Permalink
Post by mlist
We downloaded and deployed openVAS appliance but when we run a Task, we get
peration: Start Task
Status code: 503
Status message: Service temporarily down
lib auth: INFO:2016-05-31 15h10.42 utc:623: Authentication configuration not found.
lib serv:WARNING:2016-05-31 15h11.50 UTC:792: openvas_server_verify: the
certificate is not trusted
lib serv:WARNING:2016-05-31 15h11.50 UTC:792: openvas_server_verify: the
certificate has expired
event task:MESSAGE:2016-05-31 15h11.50 UTC:792: Task
8dd4abc7-074a-48a4-b6bc-4b707678427c could not be started by admin
Executing openvas-check-setup we get “It seems like your OpenVAS-8
installation is OK.”
Can someone provides process to correct this error so we can run a task successfully ?
Roberto
Just make a self-signed cert to replace the expired one. That's pretty much it.
mlist
2016-05-31 16:13:32 UTC
Permalink
I tried your solution, also found here: https://marc.info/?l=openvas-discuss&m=140492356604934&w=2



Solution:

openvas-mkcert -f

openvas-mkcert-client -i -n

restart all daemons.





But we get status code 503 on gsad interface and on the log:



lib serv:WARNING:2016-05-31 16h07.17 UTC:19314: Failed to shake hands with peer: The TLS connection was non-properly terminated.

lib serv:WARNING:2016-05-31 16h07.17 UTC:19314: Failed to shutdown server socket

event task:MESSAGE:2016-05-31 16h07.17 UTC:19314: Task 8dd4abc7-074a-48a4-b6bc-4b707678427c could not be started by admin



Roberto





-----Original Message-----
From: W Scott Lockwood III [mailto:***@gmail.com]
Sent: martedì 31 maggio 2016 18.03
To: mlist <***@apsystems.it>
Cc: openvas-***@wald.intevation.org
Subject: Re: [Openvas-discuss] the certificate has expired
Post by mlist
We downloaded and deployed openVAS appliance but when we run a Task, we get
peration: Start Task
Status code: 503
Status message: Service temporarily down
lib auth: INFO:2016-05-31 15h10.42 utc:623: Authentication configuration
not found.
lib serv:WARNING:2016-05-31 15h11.50 UTC:792: openvas_server_verify: the
certificate is not trusted
lib serv:WARNING:2016-05-31 15h11.50 UTC:792: openvas_server_verify: the
certificate has expired
event task:MESSAGE:2016-05-31 15h11.50 UTC:792: Task
8dd4abc7-074a-48a4-b6bc-4b707678427c could not be started by admin
Executing openvas-check-setup we get “It seems like your OpenVAS-8
installation is OK.”
Can someone provides process to correct this error so we can run a task
successfully ?
Roberto
Just make a self-signed cert to replace the expired one. That's pretty much it.
--
Il messaggio e' stato analizzato alla ricerca di virus o

contenuti pericolosi da MailScanner, ed e'

risultato non infetto.
W Scott Lockwood III
2016-05-31 16:15:13 UTC
Permalink
Post by mlist
https://marc.info/?l=openvas-discuss&m=140492356604934&w=2
openvas-mkcert -f
openvas-mkcert-client -i -n
restart all daemons.
lib serv:WARNING:2016-05-31 16h07.17 UTC:19314: Failed to shake hands with
peer: The TLS connection was non-properly terminated.
lib serv:WARNING:2016-05-31 16h07.17 UTC:19314: Failed to shutdown server socket
event task:MESSAGE:2016-05-31 16h07.17 UTC:19314: Task
8dd4abc7-074a-48a4-b6bc-4b707678427c could not be started by admin
Roberto
How very odd. I follow those same instructions and it has always
worked for me. Someone from Greenbone will have to follow up.

--
W. Scott Lockwood III
Michael Meyer
2016-05-31 18:08:19 UTC
Permalink
Post by mlist
openvas-mkcert -f
openvas-mkcert-client -i -n
restart all daemons.
https://svn.wald.intevation.org/svn/openvas/trunk/openvas-manager/INSTALL
The part "Updating Scanner Certificates"...

Micha
--
Michael Meyer OpenPGP Key: 0xAF069E9152A6EFA6
http://www.greenbone.net/
Greenbone Networks GmbH, Neuer Graben 17, 49074 Osnabrück | AG
Osnabrück, HR B 202460
Geschäftsführer: Lukas Grunwald, Dr. Jan-Oliver Wagner
mlist
2016-05-31 19:54:10 UTC
Permalink
Thank you. That worked for me !

Roberto


-----Original Message-----
From: Openvas-discuss [mailto:openvas-discuss-***@wald.intevation.org] On Behalf Of Michael Meyer
Sent: martedì 31 maggio 2016 20.08
To: openvas-***@wald.intevation.org
Subject: Re: [Openvas-discuss] the certificate has expired
Post by mlist
openvas-mkcert -f
openvas-mkcert-client -i -n
restart all daemons.
https://svn.wald.intevation.org/svn/openvas/trunk/openvas-manager/INSTALL
The part "Updating Scanner Certificates"...

Micha
--
Michael Meyer OpenPGP Key: 0xAF069E9152A6EFA6
http://www.greenbone.net/
Greenbone Networks GmbH, Neuer Graben 17, 49074 Osnabrück | AG
Osnabrück, HR B 202460
Geschäftsführer: Lukas Grunwald, Dr. Jan-Oliver Wagner
_______________________________________________
Openvas-discuss mailing list
Openvas-***@wald.intevation.org
https://lists.wald.intevation.org/cgi-bin/mailman/listinfo/openvas-discuss
--
Il messaggio e' stato analizzato alla ricerca di virus o
contenuti pericolosi da MailScanner, ed e'
risultato non infetto.
mlist
2016-05-31 20:11:04 UTC
Permalink
Someone can point me in the right direction about these:

1. in the log we sometimes see " lib auth: INFO:2016-05-31 19h51.41 utc:19609: Authentication configuration not found."

What it means as we do not have any authentication noticeable problem ?

2. openvas-check-setup returns 2 WARNINGs:

WARNING: Signature checking of NVTs is not enabled in OpenVAS Scanner.
SUGGEST: Enable signature checking (see http://www.openvas.org/trusted-nvts.html).

Is this to avoid using insecure feed ?

WARNING: Your version of nmap is not fully supported: 6.47
SUGGEST: You should install nmap 5.51 if you plan to use the nmap NSE NVTs.

Do it means that without nmap 5.51 one cannot use nmap NSE NVT ?
On the Virtual Appliance it is possible to downgrade nmap ?

Roberto


-----Original Message-----
From: Openvas-discuss [mailto:openvas-discuss-***@wald.intevation.org] On Behalf Of Michael Meyer
Sent: martedì 31 maggio 2016 20.08
To: openvas-***@wald.intevation.org
Subject: Re: [Openvas-discuss] the certificate has expired
Post by mlist
openvas-mkcert -f
openvas-mkcert-client -i -n
restart all daemons.
https://svn.wald.intevation.org/svn/openvas/trunk/openvas-manager/INSTALL
The part "Updating Scanner Certificates"...

Micha
--
Michael Meyer OpenPGP Key: 0xAF069E9152A6EFA6
http://www.greenbone.net/
Greenbone Networks GmbH, Neuer Graben 17, 49074 Osnabrück | AG
Osnabrück, HR B 202460
Geschäftsführer: Lukas Grunwald, Dr. Jan-Oliver Wagner
_______________________________________________
Openvas-discuss mailing list
Openvas-***@wald.intevation.org
https://lists.wald.intevation.org/cgi-bin/mailman/listinfo/openvas-discuss
--
Il messaggio e' stato analizzato alla ricerca di virus o
contenuti pericolosi da MailScanner, ed e'
risultato non infetto.
Loading...