
How to Set Trust

To express trust in the keys that signed NVTs, you need a signing key for your OpenVAS installation. You can use an existing key or generate a new one:

# gpg --homedir=/etc/openvas/gnupg --gen-key

This needs to be done only once for an OpenVAS-Server installation.

For OpenVAS to trust a signature, the key used to create the signature has to be valid. A certificate for such a key that was just imported has unknown validity and is therefore considered not valid.

To trust a certificate for your purposes, you have to sign it. The recommended way is to use local signatures, which remain only in the keyring of your OpenVAS Server installation.

To sign a certificate you need to know its KEY_ID. You can get it either from the OpenVAS website or via a "list-keys" command. Then you can locally sign:

# gpg --homedir=/etc/openvas/gnupg --list-keys

# gpg --homedir=/etc/openvas/gnupg --lsign-key KEY_ID

Before signing, you should be absolutely sure that you are signing the correct certificate. You may use its fingerprint and other methods to convince yourself.
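One way to enforce the fingerprint check before the local signature, as an added example that is not part of the OpenVAS documentation. The function names and the sample listing are constructed, and the expected fingerprint is assumed to have been obtained through a separate channel.

```shell
#!/bin/sh
# Added example, not from the OpenVAS documentation. Function names are
# hypothetical; HOMEDIR is the keyring path used on this page.
HOMEDIR=/etc/openvas/gnupg

# Strip spaces and colons and uppercase, so pasted fingerprints compare equal.
normalize_fpr() { printf '%s' "$1" | tr -d ' :' | tr 'a-f' 'A-F'; }

# Read `gpg --with-colons --fingerprint` output and print the fingerprint of
# each primary key (first fpr record after pub); subkey fingerprints are skipped.
primary_fpr() {
    awk -F: '$1 == "pub" { want = 1; next }
             $1 == "sub" { want = 0 }
             $1 == "fpr" && want { print $10; want = 0 }'
}

# Field 2 of the pub record is the computed validity: "-" or "q" mean unknown,
# "f" full, "u" ultimate. A freshly imported certificate shows as unknown.
key_validity() { awk -F: '$1 == "pub" { print $2; exit }'; }

# Succeed only if the listing holds exactly one primary key and its fingerprint
# equals the expected one. Two keys matching one KEY_ID yield two lines and fail.
fpr_matches() {
    expected=$(normalize_fpr "$1")
    actual=$(primary_fpr)
    [ -n "$expected" ] && [ "$actual" = "$expected" ]
}

# lsign_verified KEY_ID EXPECTED_FPR: sign locally only after the check passes,
# and address the key by full fingerprint rather than by KEY_ID.
lsign_verified() {
    if gpg --homedir="$HOMEDIR" --with-colons --fingerprint "$1" | fpr_matches "$2"; then
        gpg --homedir="$HOMEDIR" --lsign-key "$(normalize_fpr "$2")"
    else
        echo "fingerprint mismatch for $1: not signing" >&2
        return 1
    fi
}

# Constructed colon-format listing (not a real key) for trying the parser offline.
sample_listing() {
    cat <<'EOF'
pub:-:2048:1:1111222233334444:1700000000:::-:::scESC:
fpr:::::::::AAAABBBBCCCCDDDDEEEEFFFF1111222233334444:
uid:-::::1700000000::0000::Constructed NVT Signer (example):
sub:-:2048:1:5555666677778888:1700000000::::::e:
fpr:::::::::0000999988887777666655554444333322221111:
EOF
}
```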

