If a certificate is used for the SCOM web console, this certificate must be generated by a DoD CA or CA approved by the organization.

An XCCDF Rule

Description

Web certificates should always be signed by a trusted signer and never self-signed.

Documentable: false

ID
SV-237434r643948_rule
Severity
Low
References
Updated



Remediation - Manual Procedure

Issue a web certificate from a trusted internal CA server, as this will be required for the https protocol to function properly. It will need to be installed on the server in advance.

From the SCOM web console server, open IIS. Right-click on the Default Website and choose edit bindings. Click on the https binding and click edit. For the SSL certificate drop down, choose the new certificate. Click OK. Test https access to the SCOM web console and troubleshoot if connectivity is not working. Once connectivity is established, delete the http binding.
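One way to check the result of the procedure above from PowerShell on the web console server. This is an added example, not part of the STIG text. The function name, the site name `Default Web Site` and the approved-root thumbprint list are assumptions; supply the thumbprints of your DoD or organization-approved root CAs.

```powershell
# Added example: audit the https binding configured in the steps above.
# Assumes the WebAdministration module (installed with the IIS management tools).
function Test-WebConsoleCertificate {
    param(
        [string]$SiteName = 'Default Web Site',       # assumed IIS site name
        [string[]]$ApprovedRootThumbprints = @()       # your approved root CA thumbprints
    )
    Import-Module WebAdministration -ErrorAction Stop

    $bindings = @(Get-WebBinding -Name $SiteName)
    $https    = @($bindings | Where-Object { $_.protocol -eq 'https' })
    # The procedure ends with deleting the http binding; report if one is still there.
    $httpLeft = @($bindings | Where-Object { $_.protocol -eq 'http' }).Count -gt 0

    if ($https.Count -eq 0) {
        return [pscustomobject]@{ Site = $SiteName; Finding = 'No https binding'; HttpBindingPresent = $httpLeft }
    }
    foreach ($b in $https) {
        if (-not $b.certificateHash) {
            [pscustomobject]@{ Binding = $b.bindingInformation; Finding = 'No certificate bound' }
            continue
        }
        $store = if ($b.certificateStoreName) { $b.certificateStoreName } else { 'My' }
        $cert  = Get-Item -Path ("Cert:\LocalMachine\{0}\{1}" -f $store, $b.certificateHash)

        # Build the chain with the machine's trust stores; the last element is the root reached.
        $chain   = New-Object System.Security.Cryptography.X509Certificates.X509Chain
        $chainOk = $chain.Build($cert)
        $root    = $chain.ChainElements[$chain.ChainElements.Count - 1].Certificate

        [pscustomobject]@{
            Binding            = $b.bindingInformation
            Subject            = $cert.Subject
            Issuer             = $cert.Issuer
            NotAfter           = $cert.NotAfter
            SelfSigned         = ($cert.Subject -eq $cert.Issuer)
            ChainTrusted       = $chainOk
            ChainErrors        = ($chain.ChainStatus | ForEach-Object { $_.Status }) -join ', '
            RootThumbprint     = $root.Thumbprint
            RootApproved       = ($ApprovedRootThumbprints -contains $root.Thumbprint)
            HttpBindingPresent = $httpLeft
        }
    }
}

# Placeholder thumbprint: replace with a real approved root CA thumbprint.
Test-WebConsoleCertificate -ApprovedRootThumbprints @('<APPROVED-ROOT-CA-THUMBPRINT>')
```

A compliant binding shows `SelfSigned` false, `ChainTrusted` and `RootApproved` true, and `HttpBindingPresent` false.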