Skip site navigation (1)Skip section navigation (2)

FreeBSD Manual Pages

  
 
  

home | help
OPENVAUserNmanualRfor1the Open Vulnerability AssessmentOPENVAS-MANAGE-CERTS(1)

NAME
       openvas-manage-certs - manage certificate infrastructure	for an OpenVAS
       installation

SYNOPSIS
       openvas-manage-certs [OPTION]...

DESCRIPTION
       openvas-manage-certs manages  the  certificate  infrastructure  for  an
       OpenVAS	installation.	The certificate	infrastructure enables OpenVAS
       daemons to communicate in a secure manner and is	used  for  authentica-
       tion  and authorization before establishing TLS connections between the
       daemons.

       The OpenVAS certificate infrastructure consists of  a  certificate  au-
       thority	(CA) which is trusted by all OpenVAS daemons.  This CA is then
       used to sign certificates used by the various  daemons.	 The  certifi-
       cates can be divided into two use cases:

       o  Server certificates, primarily used for authentication

       o  Client certificates, primarily used for authorization

       openvas-manage-certs  can  perform  an  automatic creation of a default
       certificate infrastructure for a	standard OpenVAS installation.	It can
       also  verify an existing	infrastructure and perform various certificate
       related tasks to	support	the setup of a more complex infrastructure.

OPTIONS
   Certificate infrastructure management
       -a     Automatically set	up default infrastructure for OpenVAS

       -V     Verify existing OpenVAS certificate infrastructure

       -C     Create a certificate authority (CA)

       -R     Create a certificate request for a CA

       -r     Create a certificate request for a CA and	sign it

       -C     Create a certificate authority (CA)

       -I     Install a	CA certificate

       -c     Create a certificate request and sign it

       -i     Install a	certificate

       -S     Sign a certificate request

       -f     Force overwriting	of existing files

   Certificate options
       -E     Create a server certificate.  This sets the appropriate key  us-
	      age constraints for a server certificate.

       -L     Create  a	client certificate.  This sets the appropriate key us-
	      age constraints for a client certificate.

       -A     Skip  CA	generation  in	automatic  mode.   This	 automatically
	      (re-)generates  server and client	certificates, but keeps	the CA
	      certificate.

   Configuration
       -e file Read configuration from file (see below for  configuration  de-
       tails)

   Output control
       -d     Print debug output

       -v     Print verbose messages

       -q     Be quiet,	only print error messages

   Other options
       -h     Print help

EXIT STATUS
       0      The requested operation was successfully performed.

       1      An  error	 occurred,  the	 requested operation could not be per-
	      formed.

ENVIRONMENT
       All certificate generation options can be set either through  the  con-
       figuration file or through environment variables	like the following:

       OPENVAS_CERTIFICATE_LIFETIME
	      Days until the certificate will expire

       OPENVAS_CERTIFICATE_HOSTNAME
	      Name to use for the certificate

       OPENVAS_CERTIFICATE_SIGNALG
	      Hash algorithm to	use for	signing

       OPENVAS_CERTIFICATE_KEYSIZE
	      Size in bits of the generated key

       OPENVAS_CERTIFICATE_SECPARAM
	      GnuTLS security level [low|medium|high|ultra]

       OPENVAS_CERT_DIR
	      Directory	 where keys and	certificates are stored	before instal-
	      lation

       OPENVAS_CERT_PREFIX
	      Prefix for certificate filename (e.g. "server")

       For a complete list of options, please refer to the example  configura-
       tion file included in the documentation.

SEE ALSO
       openvassd(8), openvasmd(8), gsad(8)

The OpenVAS Project		  2015-09-21	       OPENVAS-MANAGE-CERTS(1)

NAME | SYNOPSIS | DESCRIPTION | OPTIONS | EXIT STATUS | ENVIRONMENT | SEE ALSO

Want to link to this manual page? Use this URL:
<https://www.freebsd.org/cgi/man.cgi?query=openvas-manage-certs&sektion=1&manpath=FreeBSD+13.0-RELEASE+and+Ports>

home | help