UCF STIG Viewer Logo
Changes are coming to https://stigviewer.com. Take our survey to help us understand your usage and how we can better serve you in the future.
Take Survey

The HPE Nimble must obtain its public key certificates from an appropriate certificate policy through an approved service provider.


Overview

Finding ID Version Rule ID IA Controls Severity
V-252198 HPEN-NM-000130 SV-252198r814074_rule Medium
Description
For user certificates, each organization obtains certificates from an approved, shared service provider, as required by OMB policy. For federal agencies operating a legacy public key infrastructure cross-certified with the Federal Bridge Certification Authority at medium assurance or higher, this Certification Authority will suffice.
STIG Date
HPE Nimble Storage Array Security Technical Implementation Guide 2022-03-16

Details

Check Text ( C-55654r814072_chk )
Type "cert --list". Review the output to confirm that the custom-ca and custom certificates exist, and the "Use" values specified for HTTPS and APIS are both "custom". If not, this is a finding.
Fix Text (F-55604r814073_fix)
To create and import a custom, CA-signed certificate follow these steps:

1. Type "cert --gen custom-csr". Copy the displayed CSR and submit it to an appropriate signing authority.
2. Type "cert --import custom-ca" and paste the PEM-encoded CA certificate chain as input to the command.
3. Type "cert --import custom" and paste the signed certificate obtained from the CA.