The HPE Nimble must obtain its public key certificates from an appropriate certificate policy through an approved service provider.
Severity | Group ID | Group Title | Version | Rule ID | Date | STIG Version |
|---|---|---|---|---|---|---|
| medium | V-252198 | SRG-APP-000516-NDM-000344 | HPEN-NM-000130 | SV-252198r1001013_rule | 2024-06-20 | 2 |
| Description |
|---|
| For user certificates, each organization obtains certificates from an approved, shared service provider, as required by OMB policy. For federal agencies operating a legacy public key infrastructure cross-certified with the Federal Bridge Certification Authority at medium assurance or higher, this Certification Authority (CA) will suffice. |
| ℹ️ Check |
|---|
| Type "cert --list". Review the output to confirm that the custom-ca and custom certificates exist, and the "Use" values specified for HTTPS and APIS are both "custom". If not, this is a finding. |
| ✔️ Fix |
|---|
| To create and import a custom, CA-signed certificate, follow these steps: 1. Type "cert --gen custom-csr". Copy the displayed CSR and submit it to an appropriate signing authority. 2. Type "cert --import custom-ca" and paste the PEM-encoded CA certificate chain as input to the command. 3. Type "cert --import custom" and paste the signed certificate obtained from the CA. |