The MQ Appliance network device must obtain its public key certificates from an appropriate certificate policy through an approved service provider.

An XCCDF Rule

Description

<VulnDiscussion>For user certificates, each organization obtains certificates from an approved, shared service provider as required by OMB policy. For federal agencies operating a legacy public key infrastructure cross-certified with the Federal Bridge Certification Authority at medium assurance or higher, this Certification Authority will suffice.</VulnDiscussion><FalsePositives></FalsePositives><FalseNegatives></FalseNegatives><Documentable>false</Documentable><Mitigations></Mitigations><SeverityOverrideGuidance></SeverityOverrideGuidance><PotentialImpacts></PotentialImpacts><ThirdPartyTools></ThirdPartyTools><MitigationControl></MitigationControl><Responsibility></Responsibility><IAControls></IAControls>

ID: SV-89697r1_rule
Severity: Medium
References: CCI-000366 CCI-001159
Updated: about 1 year ago

Obtain MQ Appliance and client certs from an approved CA or ECA as required by DoD policy. 

Log on to the MQ Appliance WebGUI as a privileged user. 

Import approved certs to the cert directory: 
- Click on the Administration (gear) icon. - Under Main, click on File Management. 
- Click cert directory. 
- Click Actions. 
- Upload files. 
- Browse to select MQ Appl cert. 
- Add. 
- Browse to select client cert. 
- Add. 
- [Repeat Browse and Add for all desired client certs.] 
- Upload. 
- Continue. 

Create cert aliases for use in MQ Appliance configurations (CLI). Enter: 
co 
crypto 
certificate <MQAppliance CryptoCert alias> cert:///<MQAppl cert file name> 
certificate <client CryptoCert alias> cert:///<client cert file name> 
[Repeat certificate command for any additional client certs.] 
exit 
write mem 
y

The MQ Appliance network device must obtain its public key certificates from an appropriate certificate policy through an approved service provider.

Description

Remediation - Manual Procedure