#9 - LetsEncrypt certificate for OpenVAS
OpenVAS runs its own webserver and getting letsencrypt for it is quite straighforward.
The following is for setting up letsencrypt on Ubuntu LTS 16.04 (my server setup)
Once you’ve got OpenVAS running & you have a domain pointing to your server’s IP address:
- Install letsencrypt - sudo apt install letsencrypt
- Install certificate - sudo letsencrypt certonly (and follow the instructions)
Note: I had to allow conection to port 80 on the server to get #2 to work
Once 1 & 2 are done.
- Edit /etc/default/openvas-gsa with your favorite text editor (i.e. vim)
Modify the following variables: ALLOW_HEADER_HOST=yourdomain_here PORT_NUMBER=443 (optional, default is 4000) HTTP_REDIRECT=1 (optional - redirects people to you TLS enabled page) SSL_PRIVATE_KEY=/etc/letsencrypt/live/yourdomain_here/privkey.pem SSL_CERTIFICATE=/etc/letsencrypt/live/yourdomain_here/cert.pem
Make sure you don’t have any mistakes, typos.
- Restart openvas-gsa: sudo service openvas-gsa restart
- Go to your site: https://yourdomain_here/
Good luck!