Rule ID
SV-104521r1_rule
Version
V1R2
For user certificates, each organization obtains certificates from an approved, shared service provider, as required by OMB policy. For federal agencies operating a legacy public key infrastructure cross-certified with the Federal Bridge Certification Authority at medium assurance or higher, this Certification Authority will suffice.
Verify all management certificates are issued by an appropriate certificate authority. 1. Log on to the Web Management Console. 2. Click Services >> Management Services, click on HTTPS-Console and click "Edit". 3. Note the name of the "keyring" assigned. 4. Click Configuration >> SSL >> Keyrings. 5. Select the keyring that was noted above, click "View Certificate". 6. Confirm that the certificate is issued by the appropriate certificate authority. If Symantec ProxySG does not obtain its public key certificates from an appropriate certificate policy through an approved service provider, this is a finding.
Assign an appropriately signed certificate to the management interface. 1. Log on to the Web Management Console. 2. Click Configuration >> SSL >> Keyrings. 3. Click "Create", provide a name and bit size, click "OK". 4. Select the newly created keyring, click "Edit". 5. Click "Create" under "Certificate Signing Request" and enter the appropriate information, click "OK", click "Close", click "Apply". 6. Select the newly created keyring, click "Edit". 7. Copy the text in the "Certificate Signing Request" field and submit to your appropriate Certificate Authority. 8. Once the certificate has been issued, paste it into the "Certificate" field, click "Close", click "Apply". 9. Click Services >> Management Services, click on "HTTPS-Console", click "Edit". 10. Change the "Keyring" value to the newly created keyring, click "OK", click "Apply".