.. _setting_up_the_web_interface:

Setting up the web interface
^^^^^^^^^^^^^^^^^^^^^^^^^^^^

Access to the Greenbone Security Manager primarily occurs through the web interface.
To use it properly the following two steps are required:

#. Creation of a web administrator

   This user is used to log into the web interface with administrative rights.
   This user can use all of the features within the web interface.


#. Creation of a SSL certificate

   The SSL certificate is required to for the encrypted communication via HTTPS and OMP with the GSM.
   A self-signed certificate can be created or issue a certificate from a certificate authority (see section :ref:`external_certificate`)

.. todo::
   Irgendetwas passt hier nicht.
   Es ist bereits ein selbstsigniertes Zertifikat installiert (HTTPS geht), aber es kann im gos-admin-menu nicht angezeigt werden.
   SSH verwendet auch nicht das Zertifikat.
   Bei einer neuen Erzeugung eines Zertifikats wird das auch nicht vom Webserver genutzt.
   Es ist erst ein Neustart des GSM erforderlich.

.. _web_admin_user:

Web admin user
``````````````
To be able to use the GSM appliance a :index:`web administrator` must be set up.
This user is being referred to as :index:`Scan Administrator` in some documentation and by some applications.

The set-up of a web admin is only possible through the GOS-Admin-Menu or from command line.
Within the GOS-Admin-Menu switch to the :gos:menu:`User` option and select :gos:menu:`Add Web Admin`.
Now enter the name and password of the scan administrator.

More than one user with administrative rights can be set up.
Configuration of users from the GOS-Admin-Menu is not possible.
It is only possible to display existing users or delete them if applicable.

To edit the existing users, or add users with less permissions, use the web-interface.

Certificate
```````````
The GSM appliance basically can use two types of certificates:

* Self-signed certificates

* Certificates issued by an external certificate authority

The use of self-signed certificates is the easiest way.
It poses, however, the lowest security and more work for the user:

* The trust of a self-signed certificate can only be checked manually by the user through examination of the finger print of the certificate.

* Self-signed certificates cannot be revoked.
  Once they are accepted by the user in the browser they are stored permanently in the browser.

Usually, a GSM already carries a individual self-signed certificate.
The installation of a certificate signed by an external certificate authority is described in section :ref:`external_certificate`.

.. _self_signed_certificate:

Self-signed certificate
```````````````````````

To create a new self-signed certificate chose option :gos:menu:`SSL` in the GOS-Admin-Menu and then select :gos:menu:`Self-Signed`.
You will be prompted with a couple of questions.
The certificate is build based on the respective answers.
The declaration of commonName is not critical as it is not part of the certificate.

.. figure:: images-3.0/gsm-selfsignd.png
   :align: center
   :width: 70%

   The creation of a self-signed occurs via dialog.