How to update certificates or disable OpenVAS in Snare Central

The following instructions apply to Snare Central versions earlier than v8.6.0.

In v8.6.0, the OpenVAS scanner and its database were removed from Snare Central.

If you need to update the certificates used for OpenVAS with new ones, run the following commands as the root user from the CLI prompt on the Snare Central Server:

$ sudo openvas-manage-certs -a -f

$ sudo systemctl restart openvas-scanner
$ sudo systemctl restart openvas-manager
$ sudo systemctl restart openvas-gsa

You can then check the validity dates of the certificates using the following commands:

$ cat /var/lib/openvas/CA/clientcert.pem | openssl x509 -noout -dates
$ cat /var/lib/openvas/CA/cacert.pem | openssl x509 -noout -dates
$ cat /var/lib/openvas/CA/servercert.pem | openssl x509 -noout -dates
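
The following script is an added example, not part of the original Snare instructions. It automates the check above: it reports each certificate's expiry date, flags any that expire within a threshold, and confirms the server and client certificates still verify against cacert.pem. The certificate paths are the ones on this page; the function names and the 30-day default are assumptions of this example.

```shell
#!/bin/sh
# Added example: expiry and chain check for the OpenVAS certificates.
# CERT_DIR defaults to the directory used on this page; function names and
# the 30-day default threshold are assumptions of this example.
CERT_DIR="${CERT_DIR:-/var/lib/openvas/CA}"

# check_cert FILE DAYS -> 0 if FILE is a readable cert valid beyond DAYS,
# 1 if it expires within DAYS, 2 if it is missing or cannot be parsed.
check_cert() {
    cert="$1"; days="$2"
    if [ ! -r "$cert" ]; then
        echo "MISSING    $cert"; return 2
    fi
    end=$(openssl x509 -in "$cert" -noout -enddate 2>/dev/null) || {
        echo "UNREADABLE $cert"; return 2
    }
    # -checkend takes seconds; non-zero exit means "expires within that time"
    if openssl x509 -in "$cert" -noout -checkend $((days * 86400)) >/dev/null; then
        echo "OK         $cert ($end)"; return 0
    fi
    echo "EXPIRING   $cert ($end)"; return 1
}

# check_chain FILE -> 0 if FILE verifies against cacert.pem in CERT_DIR.
# Matches the "file: OK" line that openssl verify prints on success.
check_chain() {
    openssl verify -CAfile "$CERT_DIR/cacert.pem" "$1" 2>/dev/null |
        grep -q ': OK$'
}

# check_all [DAYS] -> 0 only if all three certificates pass both checks.
check_all() {
    days="${1:-30}"; rc=0
    for name in cacert.pem servercert.pem clientcert.pem; do
        check_cert "$CERT_DIR/$name" "$days" || rc=1
        if [ "$name" != cacert.pem ] && [ -r "$CERT_DIR/$name" ]; then
            check_chain "$CERT_DIR/$name" || { echo "BAD CHAIN  $name"; rc=1; }
        fi
    done
    return $rc
}
```

After sourcing the file, run `check_all 30`; a non-zero exit status means at least one certificate is missing, expires within 30 days, or does not verify against cacert.pem.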

Customers who do not want to run OpenVAS in Snare Central can disable the services associated with the scanning tools.

The second option is to stop the services and then disable them so that they do not start after a reboot.

$ sudo systemctl stop openvas-gsa

$ sudo systemctl stop openvas-scanner

$ sudo systemctl stop openvas-manager

$ sudo systemctl disable openvas-gsa

$ sudo systemctl disable openvas-scanner

$ sudo systemctl disable openvas-manager