[Openvas-discuss] TLS error when trying to launch scan
neessen at cleverbridge.com
Thu Jul 16 15:50:23 CEST 2015
Any other suggestions on how to troubleshoot this? It definitely seems to be
GnuTLS related, but I am not able to figure out what happens. gnutls-cli is able
% sudo gnutls-cli --x509cafile /usr/pkg/openvas/var/lib/openvas/CA/cacert.pem --x509certfile /usr/pkg/openvas/var/lib/openvas/CA/clientcert.pem --x509keyfile /usr/pkg/openvas/var/lib/openvas/private/CA/clientkey.pem --insecure -p 9391 localhost
Processed 1 CA certificate(s).
Processed 1 client X.509 certificates...
Connecting to '::1:9391'...
Connecting to '127.0.0.1:9391'...
- Certificate type: X.509
- Got a certificate list of 1 certificates.
- Certificate info:
- subject `C=DE,ST=NRW,L=Cologne,O=cleverbridge AG,OU=Server certificate for netscan.cgn.cleverbridge.com,CN=netscan.cgn.cleverbridge.com,EMAIL=openvassd at netscan.cgn.cleverbridge.com', issuer `C=DE,ST=NRW,L=Cologne,O=cleverbridge AG,OU=Certification Authority for netscan.cgn.cleverbridge.com,CN=netscan.cgn.cleverbridge.com,EMAIL=ca at netscan.cgn.cleverbridge.com', RSA key 4096 bits, signed using RSA-SHA256, activated `2015-07-14 12:40:08 UTC', expires `2016-07-13 12:40:08 UTC', SHA-1 fingerprint `03d157c0bb49caff86e9494862bbe72f17977b52'
Public Key ID:
Public key's random art:
+--[ RSA 4096]----+
| oOo. . |
| . * o o |
| . +.oo |
| ..o+o |
| .S+. . |
| + .o |
| . = .. |
| E o.. . |
| .+. ..+. |
- Status: The certificate is NOT trusted. The name in the certificate does not match the expected.
*** PKI verification of server certificate failed...
- Successfully sent 1 certificate(s) to server.
- Description: (TLS1.2)-(ECDHE-RSA-SECP256R1)-(AES-128-GCM)
- Session ID: D7:4B:24:A4:55:5B:75:17:ED:3E:96:65:7A:72:31:FB:F7:E1:A6:AD:55:9F:69:5A:F6:AC:B7:C0:CF:A5:B8:02
- Ephemeral EC Diffie-Hellman parameters
- Using curve: SECP256R1
- Curve size: 256 bits
- Version: TLS1.2
- Key Exchange: ECDHE-RSA
- Server Signature: RSA-SHA256
- Client Signature: RSA-SHA256
- Cipher: AES-128-GCM
- MAC: AEAD
- Compression: NULL
- Options: extended master secret, safe renegotiation,
- Handshake was completed
- Simple Client Mode:
Any help is highly appreciated.
> From: "Eero Volotinen" <eero.volotinen at iki.fi>
> To: "Winfried Neessen" <neessen at cleverbridge.com>
> Cc: "openvas-discuss" <openvas-discuss at wald.intevation.org>
> Sent: Tuesday, July 14, 2015 3:56:03 PM
> Subject: Re: [Openvas-discuss] TLS error when trying to launch scan
> Try restarting services again. Sounds like (new) certificates are not loaded to
> On 14.7.2015 at 4.10 PM, "Winfried Neessen" < neessen at cleverbridge.com > wrote:
>> my redis-server is running. Also I doubt that this has s. th. to do with redis,
>> as the error says something
>> about a non-properly terminated TLS connection.
>> So I did a strace on the openvassd and found some messages about an untrusted
>> certificate. I then recreated
>> the CA, server and client certificates via openvas-mkcert -f and
>> openvas-mkcert-client -i -n and restarted
>> the services.
>> Now when I try to resume the job, it always tells me: 503 Service temporarily
>> down in the notice box of
>> Any other suggestions?
>>> From: "Eero Volotinen" < eero.volotinen at iki.fi >
>>> To: "Winfried Neessen" < neessen at cleverbridge.com >
>>> Cc: "openvas-discuss" < openvas-discuss at wald.intevation.org >
>>> Sent: Tuesday, July 14, 2015 12:10:47 PM
>>> Subject: Re: [Openvas-discuss] TLS error when trying to launch scan
>>> Check your redis-server configuration.
>>> On 14.7.2015 at 1.09 PM, "Winfried Neessen" < neessen at cleverbridge.com > wrote:
>>>> I am trying to launch a scan in my OpenVAS instance. Once I press the
>>>> "play"-button, it says
>>>> "Requested" but after a second it already says: "Stopped at 1%". The
>>>> openvasmd.log says:
>>>> md main:WARNING:2015-07-14 10h06.49 UTC:24191: openvas_scanner_read: failed to
>>>> read from server: The TLS connection was non-properly terminated.
>>>> event task:MESSAGE:2015-07-14 10h06.49 UTC:24191: Status of task Test network
>>>> scan CGN (2fa50913-5928-4122-91a6-0c5251ecce56) has changed to Requested
>>>> event task:MESSAGE:2015-07-14 10h06.49 UTC:24191: Task
>>>> 2fa50913-5928-4122-91a6-0c5251ecce56 has been resumed by wneessen
>>>> md main:WARNING:2015-07-14 10h06.51 UTC:24193: openvas_scanner_read: failed to
>>>> read from server: The specified session has been invalidated for some reason.
>>>> event task:MESSAGE:2015-07-14 10h06.51 UTC:24193: Status of task Test network
>>>> scan CGN (2fa50913-5928-4122-91a6-0c5251ecce56) has changed to Stopped
>>>> md main:WARNING:2015-07-14 10h06.51 UTC:24193: sql_close: attempt to close db
>>>> with open statement(s)
>>>> Any idea what to do?
>>>> Openvas-discuss mailing list
>>>> Openvas-discuss at wald.intevation.org
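Added example, not part of the original post and not OpenVAS or GnuTLS code: a Python triage of the gnutls-cli transcript quoted above that separates the findings folded into its single Status line (chain trust, name mismatch, and a handshake that completed despite failed verification). The function name `triage`, its result keys and the shortened transcript are constructed for illustration, and it assumes the Status line lists each failure reason as its own sentence, as in the output above.

```python
import re

# Constructed sample: the decisive lines of the gnutls-cli transcript quoted
# in the post, with the subject/issuer DNs shortened to the fields used here.
TRANSCRIPT = """\
Connecting to '127.0.0.1:9391'...
- subject `C=DE,O=cleverbridge AG,CN=netscan.cgn.cleverbridge.com', issuer `C=DE,O=cleverbridge AG,CN=netscan.cgn.cleverbridge.com', RSA key 4096 bits
- Status: The certificate is NOT trusted. The name in the certificate does not match the expected.
*** PKI verification of server certificate failed...
- Handshake was completed
"""


def triage(transcript, requested_host):
    """Separate the findings that gnutls-cli folds into one Status line.

    triage() and its result keys are hypothetical names for this example.
    """
    subject = re.search(r"subject `([^']*)'", transcript)
    cn_match = re.search(r"(?:^|,)CN=([^,]+)", subject.group(1)) if subject else None
    cn = cn_match.group(1) if cn_match else None

    # Assumption: the first sentence is the verdict, each later one a reason.
    status = re.search(r"^- Status: (.*)$", transcript, re.M)
    sentences = [s.strip() for s in status.group(1).split(".")] if status else []
    sentences = [s for s in sentences if s]
    verdict, reasons = (sentences[0], sentences[1:]) if sentences else ("", [])

    name_reasons = [r for r in reasons if "name in the certificate" in r]
    return {
        "subject_cn": cn,
        "trusted": "is trusted" in verdict,
        "name_mismatch": bool(name_reasons),
        # Simplification: compares the CN only; real matching also uses SANs.
        "cn_matches_target": cn is not None and cn.lower() == requested_host.lower(),
        # Reasons other than the name (unknown issuer, expiry, ...) would
        # point at the CA file or the certificate itself.
        "other_reasons": [r for r in reasons if r not in name_reasons],
        # Handshake completed although verification failed: the client was
        # told to continue anyway (--insecure in the post's command).
        "verification_bypassed": "Handshake was completed" in transcript
        and "verification of server certificate failed" in transcript,
    }


if __name__ == "__main__":
    print(triage(TRANSCRIPT, "localhost"))
```

For the transcript in the post, the only reason reported is the name mismatch, with `localhost` as the connection target and `netscan.cgn.cleverbridge.com` as the certificate CN.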