Symantec ProxySG must obtain its public key certificates from an appropriate certificate policy through an approved service provider.

An XCCDF Rule

Description

<VulnDiscussion>For user certificates, each organization obtains certificates from an approved, shared service provider, as required by OMB policy. For federal agencies operating a legacy public key infrastructure cross-certified with the Federal Bridge Certification Authority at medium assurance or higher, this Certification Authority will suffice.</VulnDiscussion><FalsePositives></FalsePositives><FalseNegatives></FalseNegatives><Documentable>false</Documentable><Mitigations></Mitigations><SeverityOverrideGuidance></SeverityOverrideGuidance><PotentialImpacts></PotentialImpacts><ThirdPartyTools></ThirdPartyTools><MitigationControl></MitigationControl><Responsibility></Responsibility><IAControls></IAControls>

ID: SV-104521r1_rule
Severity: Medium
References: CCI-000366 CCI-001159
Updated: about 1 year ago

Assign an appropriately signed certificate to the management interface.

1. Log on to the Web Management Console.
2. Click Configuration >> SSL >> Keyrings.
3. Click "Create", provide a name and bit size, click "OK".
4. Select the newly created keyring, click "Edit".5. Click "Create" under "Certificate Signing Request" and enter the appropriate information, click "OK", click "Close", click "Apply".
6. Select the newly created keyring, click "Edit".
7. Copy the text in the "Certificate Signing Request" field and submit to your appropriate Certificate Authority.
8. Once the certificate has been issued, paste it into the "Certificate" field, click "Close", click "Apply".
9. Click Services >> Management Services, click on "HTTPS-Console", click "Edit".
10. Change the "Keyring" value to the newly created keyring, click "OK", click "Apply".

Symantec ProxySG must obtain its public key certificates from an appropriate certificate policy through an approved service provider.

Description

Remediation - Manual Procedure