Openvas Webinterface Letsencrypt: Unterschied zwischen den Versionen

Aus Xinux Wiki
Zur Navigation springen Zur Suche springen
Zeile 4: Zeile 4:
 
=Zertifikat holen=
 
=Zertifikat holen=
 
*certbot certonly --standalone -d cain.txxn.de
 
*certbot certonly --standalone -d cain.txxn.de
 +
=Konfiguration=
 +
*cat /etc/systemd/system/greenbone-security-assistant.service
 +
<pre>
 +
[Unit]
 +
Description=Greenbone Security Assistant
 +
Documentation=man:gsad(8) http://www.openvas.org/
 +
Wants=openvas-manager.service
 +
 +
[Service]
 +
Type=simple
 +
PIDFile=/var/run/gsad.pid
 +
ExecStart=/usr/sbin/gsad --foreground --listen=0.0.0.0 --port=9392 --mlisten=0.0.0.0 --mport=9390 --ssl-private-key=/etc/letsencrypt/live/cain.tuxmen.de/privkey.pem --ssl-ertificate=/etc/letsencrypt/live/cain.tuxmen.de/cert.pem
 +
</pre>
 +
=Renew Script=
 +
*cat /usr/local/sbin/cert-renew
 +
#!/bin/bash
 +
SERVICES="greenbone-security-assistant"
 +
for SERVICE in $SERVICES
 +
do
 +
systemctl $1 $SERVICE
 +
done
 +
*chmod a+x /usr/local/sbin/cert-renew

Version vom 5. November 2018, 10:56 Uhr

Install

  • apt-get install certbot
  • systemctl stop greenbone-security-assistant

Zertifikat holen

  • certbot certonly --standalone -d cain.txxn.de

Konfiguration

  • cat /etc/systemd/system/greenbone-security-assistant.service
[Unit]
Description=Greenbone Security Assistant
Documentation=man:gsad(8) http://www.openvas.org/
Wants=openvas-manager.service

[Service]
Type=simple
PIDFile=/var/run/gsad.pid
ExecStart=/usr/sbin/gsad --foreground --listen=0.0.0.0 --port=9392 --mlisten=0.0.0.0 --mport=9390 --ssl-private-key=/etc/letsencrypt/live/cain.tuxmen.de/privkey.pem --ssl-ertificate=/etc/letsencrypt/live/cain.tuxmen.de/cert.pem

Renew Script

  • cat /usr/local/sbin/cert-renew
  1. !/bin/bash

SERVICES="greenbone-security-assistant" for SERVICE in $SERVICES do systemctl $1 $SERVICE done

  • chmod a+x /usr/local/sbin/cert-renew
Abgerufen von „http://wiki.ixheim.de/index.php?title=Openvas_Webinterface_Letsencrypt&oldid=17524