One of the OpenVAS versions available for download from the official site is an OVA image that runs on VirtualBox. Unfortunately, this image ships with a certificate that expired weeks ago, which makes the system return a 503 – Service temporarily down. To fix this, we only need to renew the OpenVAS server and client certificates.

The first thing we need to do is update the whole system and stop the OpenVAS scanner and manager services:

# apt-get update
# apt-get upgrade
# apt-get dist-upgrade
# systemctl stop openvas-scanner
# systemctl stop openvas-manager

We generate the new certificate:

# openvas-mkcert -f
-------------------------------------------------------------------------------
                        Creation of the OpenVAS SSL Certificate
-------------------------------------------------------------------------------
 
This script will now ask you the relevant information to create the SSL certificate of OpenVAS.
Note that this information will *NOT* be sent to anybody (everything stays local), but anyone with the ability to connect to your OpenVAS daemon will be able to retrieve this information.
 
 
CA certificate life time in days [1460]: 
Server certificate life time in days [365]: 
Your country (two letter code) [DE]: 
Your state or province name [none]: 
Your location (e.g. town) [Berlin]: 
Your organization [OpenVAS Users United]: 
 
 
-------------------------------------------------------------------------------
                        Creation of the OpenVAS SSL Certificate
-------------------------------------------------------------------------------
 
Congratulations. Your server certificate was properly created.
 
The following files were created:
 
. Certification authority:
   Certificate = /usr/local/var/lib/openvas/CA/cacert.pem
   Private key = /usr/local/var/lib/openvas/private/CA/cakey.pem
 
. OpenVAS Server : 
    Certificate = /usr/local/var/lib/openvas/CA/servercert.pem
    Private key = /usr/local/var/lib/openvas/private/CA/serverkey.pem
 
Press [ENTER] to exit
 
# openvas-mkcert-client -i -n

With the key files generated, all that remains is to get the scanner's UUID.

# openvasmd --get-scanners
 
08b69003-5fc2-4037-a479-93b440211c73  OpenVAS Default

Now we can update the server parameters with the following command:

# openvasmd --modify-scanner 08b69003-5fc2-4037-a479-93b440211c73 \
	    --scanner-ca-pub /usr/local/var/lib/openvas/CA/cacert.pem \
	    --scanner-key-pub /usr/local/var/lib/openvas/CA/servercert.pem \
	    --scanner-key-priv /usr/local/var/lib/openvas/private/CA/serverkey.pem

We update, save and, just in case, restart the server.

# openvas-nvt-sync
# systemctl start openvas-scanner
# openvasmd --rebuild 
# openvasmd --backup
# systemctl start openvas-manager
# systemctl start gsa

Now we should have OpenVAS working as usual.
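To confirm that the renewal took effect, and to catch the next expiry before it turns into another 503, the CA and server certificates can be checked with openssl. This is an added example, not part of the original post or of OpenVAS: the function names and the 30-day default window are assumptions, and the default directory is the one printed by openvas-mkcert above.

```shell
#!/bin/sh
# Added example (not from the original post): expiry check for the
# certificates created by openvas-mkcert. Function names are hypothetical.

# cert_status FILE [DAYS]
# Prints "ok", "expiring" or "unreadable"; returns 0, 1 or 2 respectively.
cert_status() {
    cert=$1
    days=${2:-30}
    # A missing or non-PEM file must never be reported as healthy.
    if ! openssl x509 -in "$cert" -noout >/dev/null 2>&1; then
        echo unreadable
        return 2
    fi
    # -checkend N exits 0 only if the certificate is still valid N seconds from now.
    if openssl x509 -in "$cert" -noout -checkend $((days * 86400)) >/dev/null 2>&1; then
        echo ok
        return 0
    fi
    echo expiring
    return 1
}

# check_openvas_certs [DIR] [DAYS]
# Checks cacert.pem and servercert.pem under DIR; returns 1 if either one
# is unreadable, expired, or expires within DAYS days.
check_openvas_certs() {
    dir=${1:-/usr/local/var/lib/openvas/CA}
    days=${2:-30}
    rc=0
    for name in cacert.pem servercert.pem; do
        status=$(cert_status "$dir/$name" "$days") || rc=1
        end=$(openssl x509 -in "$dir/$name" -noout -enddate 2>/dev/null) || end='notAfter=unknown'
        printf '%s: %s (%s)\n' "$name" "$status" "$end"
    done
    return $rc
}

# Usage, as root on the appliance:
#   check_openvas_certs                                     # warn 30 days ahead
#   check_openvas_certs /usr/local/var/lib/openvas/CA 0     # only fail once expired
```

Run from cron, a non-zero exit gives advance warning that openvas-mkcert -f needs to be run again.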

Good luck!