Rule ID
SV-255773r961863_rule
Version
V1R2
For user certificates, each organization obtains certificates from an approved, shared service provider as required by OMB policy. For federal agencies operating a legacy public key infrastructure cross-certified with the Federal Bridge Certification Authority at medium assurance or higher, this Certification Authority will suffice.
Log on to the MQ Appliance CLI as a privileged user. To verify certs, enter: co crypto show certificate [lists all defined cert aliases] Verify the following: All certificate aliases point to standard DoD cert files and none are self-generated. If the certificates were not generated by a DoD approved CA, or if they are self-signed certificates, this is a finding.
Obtain MQ Appliance and client certs from an approved CA or ECA as required by DoD policy. Log on to the MQ Appliance WebGUI as a privileged user. Import approved certs to the cert directory: - Click on the Administration (gear) icon. - Under Main, click on File Management. - Click cert directory. - Click Actions. - Upload files. - Browse to select MQ Appl cert. - Add. - Browse to select client cert. - Add. - [Repeat Browse and Add for all desired client certs.] - Upload. - Continue. Create cert aliases for use in MQ Appliance configurations (CLI). Enter: co crypto certificate <MQAppliance CryptoCert alias> cert:///<MQAppl cert file name> certificate <client CryptoCert alias> cert:///<client cert file name> [Repeat certificate command for any additional client certs.] exit write mem y