Installing a signed (commercial) or self-signed SSL certificate in OpenVAS
Log in as root and create a directory named /etc/openvas/ssl
If you are creating a self-signed certificate:
cd /etc/openvas/ssl
openssl req -x509 -newkey rsa:2048 -nodes -days 3640 -keyout pentest.key -out pentest.pem
(answer the prompts)
If you are using a commercial SSL certificate
Copy the certificate and key files to /etc/openvas/ssl
Now, for either a self-signed or a commercial SSL certificate:
Edit the file /etc/sysconfig/gsad and add or update the following line (use your own certificate and key file names if they differ from pentest.pem and pentest.key)
OPTIONS="--listen=0.0.0.0 --port=9392 --ssl-certificate=/etc/openvas/ssl/pentest.pem --ssl-private-key=/etc/openvas/ssl/pentest.key"
Now execute
systemctl restart gsad
Done!
Some quick troubleshooting
If things are not working, look at /var/log/gvm/gsad.log
If you see:
Could not load SSL certificate from /etc/openvas/ssl/pentest.pem: Failed to open file “/etc/openvas/ssl/pentest.pem”: No such file or directory
You probably mistyped a file name. Check the file names in /etc/openvas/ssl and the OPTIONS line in /etc/sysconfig/gsad
If you see:
Binding to port 443 failed, trying default port 9392 next.
and/or
MHD: Failed to initialize TLS support
You may have a bad certificate (especially if you did a self signed certificate) or an expired certificate
Tested with greenbone-security-assistant-8.0.0-6932.el7.art.x86_64 running on CentOS 7.7
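To rule out the causes listed under troubleshooting before restarting gsad, the following added example (not part of the original write-up or of OpenVAS) checks that both files are readable, that the certificate parses and has not expired, and that the private key belongs to the certificate. The function name check_gsad_cert is hypothetical, and the script assumes the openssl command-line tool is installed.

```shell
#!/bin/sh
# Added example: pre-flight check for the certificate/key pair gsad will load.
# check_gsad_cert is a hypothetical helper name, not part of OpenVAS/GVM.
check_gsad_cert() {
    cert=$1
    key=$2

    # Catches the "No such file or directory" case before gsad does.
    for f in "$cert" "$key"; do
        if [ ! -r "$f" ]; then
            echo "FAIL: cannot read $f" >&2
            return 1
        fi
    done

    # The certificate must parse as PEM-encoded X.509.
    if ! openssl x509 -in "$cert" -noout 2>/dev/null; then
        echo "FAIL: $cert is not a valid PEM certificate" >&2
        return 1
    fi

    # -checkend 0 exits non-zero when the certificate has already expired.
    if ! openssl x509 -in "$cert" -noout -checkend 0 >/dev/null 2>&1; then
        echo "FAIL: $cert has expired" >&2
        return 1
    fi

    # The public key in the certificate must equal the one derived from the
    # private key; a mismatched pair cannot be used for TLS.
    # "-passin pass:" stops openssl from prompting if the key is encrypted.
    cert_pub=$(openssl x509 -in "$cert" -noout -pubkey 2>/dev/null) || return 1
    key_pub=$(openssl pkey -in "$key" -pubout -passin pass: 2>/dev/null) || {
        echo "FAIL: $key is not a readable, unencrypted private key" >&2
        return 1
    }
    if [ "$cert_pub" != "$key_pub" ]; then
        echo "FAIL: $key does not match $cert" >&2
        return 1
    fi

    echo "OK: $cert and $key are a valid, unexpired pair"
}

# Runs only when paths are given, e.g.:
#   sh check.sh /etc/openvas/ssl/pentest.pem /etc/openvas/ssl/pentest.key
[ "$#" -eq 0 ] || check_gsad_cert "$@"
```

Run it with the same two paths that appear in the OPTIONS line, so a typo there is caught as well.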