← Back to Riverbed NetProfiler Security Technical Implementation Guide

V-256094

CAT II (Medium)

The Riverbed NetProfiler must be configured to obtain its public key certificates from an appropriate certificate policy through an approved service provider.

Rule ID

SV-256094r997792_rule

STIG

Riverbed NetProfiler Security Technical Implementation Guide

Version

V2R1

CCIs

CCI-000366 CCI-001159 CCI-004068

Discussion

For user certificates, each organization obtains certificates from an approved, shared service provider, as required by OMB policy. For federal agencies operating a legacy public key infrastructure cross-certified with the Federal Bridge Certification Authority at medium assurance or higher, this certification authority will suffice.

Check Content

Go to Configuration >> Appliance Security >> Encryption Key Management. 

Under the "Local Credentials" tab, look for the "Apache SSL certificate". 

Under the "Action" column, click the drop-down menu and select "View Certificate". 

Verify the Privacy Enhanced Mail (PEM) format for the certificate and key match the certification authority-provided certificate and the certificate is signed by a DOD-approved certificate authority. 

If this is not true, this is a finding.

Fix Text

Go to Configuration >> Appliance Security >> Encryption Key Management. 

Under the "Local Credentials" tab, look for the "Apache SSL certificate". 

Under the "Action" column, click the drop-down menu and select "Change Key/Cert". 

Paste the private key and certificate in PEM format and click "Save". 

Restart the web browser to avoid connection errors.