The NSX-T Manager must obtain its public key certificates from an approved DoD certificate authority.
An XCCDF Rule
Description
For user certificates, each organization obtains certificates from an approved, shared service provider, as required by OMB policy. For Federal agencies operating a legacy public key infrastructure cross-certified with the Federal Bridge Certification Authority at medium assurance or higher, this Certification Authority will suffice.
- ID: SV-251792r879887_rule
- Version: TNDM-3X-000095
- Severity: Medium
Remediation Templates
A Manual Procedure
Obtain a certificate or certificates signed by an approved DoD certification authority. This can be done individually by generating CSRs through the NSX-T Manager web interface >> System >> Certificates >> CSRs >> Generate CSR, or outside of NSX-T if a common manager and cluster certificate is desired.
Import the certificate(s) into NSX-T by doing the following:
From the NSX-T Manager web interface, go to System >> Certificates >> Import >> Import Certificate. Provide a name for the certificate and paste the certificate's contents and key. Uncheck "Service Certificate" and click "Import".
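
For the case above where the CSR is generated outside NSX-T so that the managers and the cluster share one certificate, the following added example (not part of the STIG or of VMware's documentation) creates the private key and a CSR with OpenSSL. The hostnames, subject fields, file names, RSA 2048 key size and the use of DNS subjectAltName entries are assumptions; substitute the values the approved CA requires.

```shell
#!/bin/sh
# Added example: key + CSR generated outside NSX-T for one certificate
# shared by the manager nodes and the cluster.
# Subject fields and file names are constructed placeholders (assumptions).

# make_csr OUTDIR CLUSTER_FQDN NODE_FQDN...
# Writes OUTDIR/nsx.key (private key) and OUTDIR/nsx.csr (PKCS#10 request).
make_csr() {
    outdir=$1; cn=$2; shift 2
    mkdir -p "$outdir" || return 1
    cfg="$outdir/csr.cnf"

    # Request config: subject plus a subjectAltName extension.
    cat > "$cfg" <<EOF
[req]
prompt = no
distinguished_name = dn
req_extensions = v3_req

[dn]
O = Example Organization
CN = $cn

[v3_req]
subjectAltName = @alt

[alt]
EOF
    # One DNS SAN per name: the cluster FQDN first, then every manager node.
    i=1
    for name in "$cn" "$@"; do
        echo "DNS.$i = $name" >> "$cfg"
        i=$((i + 1))
    done

    # Create the key owner-readable only; it is later pasted into the
    # Import Certificate dialog together with the signed certificate.
    ( umask 077
      openssl req -new -newkey rsa:2048 -nodes \
          -keyout "$outdir/nsx.key" -out "$outdir/nsx.csr" \
          -config "$cfg" ) 2>/dev/null || return 1
}

# csr_sans CSRFILE: print the DNS names the request asks for, one per line.
csr_sans() {
    openssl req -in "$1" -noout -text | grep -o 'DNS:[^,]*' | sed 's/^DNS://' | tr -d ' '
}
```

Call `make_csr ./out <cluster-fqdn> <node-fqdn>...`, check the names with `csr_sans ./out/nsx.csr`, and submit `nsx.csr` to the approved CA; `nsx.key` stays on the host until it is pasted into the import dialog with the issued certificate.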