Nutanix AOS must use DoD- or CNSS-approved PKI Class 3 or Class 4 certificates.
An XCCDF Rule
Description
<VulnDiscussion>Class 3 PKI certificates are used for servers and software signing rather than for identifying individuals. Class 4 certificates are used for business-to-business transactions. Utilizing unapproved certificates not issued or approved by DoD or CNS creates an integrity risk. The application server must utilize approved DoD or CNS Class 3 or Class 4 certificates for software signing and business-to-business transactions. Satisfies: SRG-APP-000514-AS-000137, SRG-APP-000427-AS-000264</VulnDiscussion><FalsePositives></FalsePositives><FalseNegatives></FalseNegatives><Documentable>false</Documentable><Mitigations></Mitigations><SeverityOverrideGuidance></SeverityOverrideGuidance><PotentialImpacts></PotentialImpacts><ThirdPartyTools></ThirdPartyTools><MitigationControl></MitigationControl><Responsibility></Responsibility><IAControls></IAControls>
- ID
- SV-254114r846430_rule
- Severity
- High
- References
- Updated
Remediation - Manual Procedure
Configure Nutanix AOS to use a trusted DoD root CA signed certificate.
1. Log in to Prism Element.
2. Click on the gear icon in the upper right.
3. Navigate to the SSL Certificate section.
4. Click "Relace Certificate".