Enable Online OCSP/CRL Certificate Checks
An XCCDF Rule
Description
Certificates can become compromised, and Chromium should check that the certificates in its store are valid by setting EnableOnlineRevocationChecks to true in the Chromium policy file.
Rationale
Certificates are revoked when they have been compromised or are no longer valid, and this option protects users from submitting confidential data to a site that may be fraudulent or not secure.
- ID: xccdf_org.ssgproject.content_rule_chromium_check_cert_revocation
- Severity: Unknown
- References
- Updated
Remediation Templates
A Shell Script
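# Add the setting if the policy file does not mention it yet; otherwise rewrite it.
if ! grep -q EnableOnlineRevocationChecks /etc/chromium/policies/managed/chrome_stig_policy.json; then
    # Key absent: append it on a new line after each line containing "{".
    sed -i -e '/{/a \ "'EnableOnlineRevocationChecks'": 'true',' /etc/chromium/policies/managed/chrome_stig_policy.json
else
    # Key present: replace the rest of its line, whatever the current value, with true.
    sed -i -e 's/\"'EnableOnlineRevocationChecks'.*/\"'EnableOnlineRevocationChecks'\": 'true',/g' /etc/chromium/policies/managed/chrome_stig_policy.json
fi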
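
A JSON-aware version of the same check and fix, as an added example that is not part of the SSG rule or its remediation template: it parses the policy file instead of editing lines, and it accepts the trailing comma that the sed commands above always write after the value. The function names and the sample file contents are assumptions constructed for illustration.

```python
import json
import re

POLICY_KEY = "EnableOnlineRevocationChecks"  # key named in the rule above
# A comma directly before a closing brace or bracket, which strict JSON rejects.
_TRAILING_COMMA = re.compile(r",(\s*[}\]])")

# Constructed sample policy files (not taken from a real system).
SAMPLES = {
    "missing": '{\n  "HomepageLocation": "https://example.com"\n}\n',
    "sed_output": '{\n "EnableOnlineRevocationChecks": true,\n}\n',
    "disabled": '{"EnableOnlineRevocationChecks": false}\n',
}

def load_policy(text):
    """Parse policy JSON; on failure retry with trailing commas removed."""
    try:
        return json.loads(text)
    except json.JSONDecodeError:
        # Fallback only: this would also alter a string value containing ",}".
        return json.loads(_TRAILING_COMMA.sub(r"\1", text))

def is_compliant(text):
    """True only when the key holds the JSON boolean true, not "true" or 1."""
    try:
        policy = load_policy(text)
    except json.JSONDecodeError:
        return False
    return isinstance(policy, dict) and policy.get(POLICY_KEY) is True

def remediate(text):
    """Return the policy as strict JSON with the key set to true."""
    policy = load_policy(text) if text.strip() else {}
    if not isinstance(policy, dict):
        raise ValueError("policy file must contain a JSON object")
    policy[POLICY_KEY] = True  # every other setting is kept unchanged
    return json.dumps(policy, indent=2) + "\n"

if __name__ == "__main__":
    for name, text in SAMPLES.items():
        fixed = remediate(text)
        print(name, is_compliant(text), "->", is_compliant(fixed))
```

Running `remediate` twice gives the same output as running it once, so it can be applied on every scan cycle.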