4.6. Setting up the web interface

Access to the Greenbone Security Manager primarily occurs through the web interface. To use it properly the following two steps are required:

  1. Creation of a web administrator

    This user is used to log into the web interface with administrative rights. This user can use all of the features within the web interface.

  2. Creation of a SSL certificate

    The SSL certificate is required to for the encrypted communication via HTTPS and OMP with the GSM. A self-signed certificate can be created or issue a certificate from a certificate authority (see section Certificate by an external certificate authority)

4.6.1. Web admin user

To be able to use the GSM appliance a web administrator must be set up. This user is being referred to as Scan Administrator in some documentation and by some applications.

The set-up of a web admin is only possible through the GOS-Admin-Menu or from command line. Within the GOS-Admin-Menu switch to the User option and select Add Web Admin. Now enter the name and password of the scan administrator.

More than one user with administrative rights can be set up. Configuration of users from the GOS-Admin-Menu is not possible. It is only possible to display existing users or delete them if applicable.

To edit the existing users, or add users with less permissions, use the web-interface.

4.6.2. Certificate

The GSM appliance basically can use two types of certificates:

  • Self-signed certificates
  • Certificates issued by an external certificate authority

The use of self-signed certificates is the easiest way. It poses, however, the lowest security and more work for the user:

  • The trust of a self-signed certificate can only be checked manually by the user through examination of the finger print of the certificate.
  • Self-signed certificates cannot be revoked. Once they are accepted by the user in the browser they are stored permanently in the browser.

Usually, a GSM already carries a individual self-signed certificate. The installation of a certificate signed by an external certificate authority is described in section Certificate by an external certificate authority.

4.6.3. Self-signed certificate

To create a new self-signed certificate chose option SSL in the GOS-Admin-Menu and then select Self-Signed. You will be prompted with a couple of questions. The certificate is build based on the respective answers. The declaration of commonName is not critical as it is not part of the certificate.

../_images/gsm-selfsignd.png

The creation of a self-signed occurs via dialog.