The MQ Appliance network device must obtain its public key certificates from an appropriate certificate policy through an approved service provider.

An XCCDF Rule

Description

For user certificates, each organization obtains certificates from an approved, shared service provider as required by OMB policy. For federal agencies operating a legacy public key infrastructure cross-certified with the Federal Bridge Certification Authority at medium assurance or higher, this Certification Authority will suffice.

ID: SV-89697r1_rule
Version: MQMH-ND-001520
Severity: Medium
References: CCI-000366 CCI-001159
Updated: 7 days ago

Remediation Templates

Obtain MQ Appliance and client certs from an approved CA or ECA as required by DoD policy. 

Log on to the MQ Appliance WebGUI as a privileged user. 

Import approved certs to the cert directory: 
- Click on the Administration (gear) icon. - Under Main, click on File Management. 
- Click cert directory. 
- Click Actions. 
- Upload files. 
- Browse to select MQ Appl cert. 
- Add. 
- Browse to select client cert. 
- Add. 
- [Repeat Browse and Add for all desired client certs.] 
- Upload. 
- Continue. 

Create cert aliases for use in MQ Appliance configurations (CLI). Enter: 
co 
crypto 
certificate <MQAppliance CryptoCert alias> cert:///<MQAppl cert file name> 
certificate <client CryptoCert alias> cert:///<client cert file name> 
[Repeat certificate command for any additional client certs.] 
exit 
write mem 
y

The MQ Appliance network device must obtain its public key certificates from an appropriate certificate policy through an approved service provider.

Description

Remediation Templates

A Manual Procedure