The option to enable online certificate validation must be enabled.

Overview

Finding ID	Version	Rule ID	IA Controls	Severity
V-32832	JRE0040-UX	SV-43618r1_rule		Medium

Description
Online certificate validation provides a real-time alternative to validating a certificate. When enabled, if a certificate is presented, the status of the certificate is requested. The status is sent back as 'current', 'expired', or 'unknown'. Online certificate validation provides a greater degree of validation of certificates when running a signed Java applet. Permitting execution of an applet with an invalid certificate may result in malware, system modification, invasion of privacy, and denial of service. NOTE: The 'JRE' directory in the file path may reflect the specific JRE release installed.

Description

Online certificate validation provides a real-time alternative to validating a certificate. When enabled, if a certificate is presented, the status of the certificate is requested. The status is sent back as 'current', 'expired', or 'unknown'. Online certificate validation provides a greater degree of validation of certificates when running a signed Java applet. Permitting execution of an applet with an invalid certificate may result in malware, system modification, invasion of privacy, and denial of service. NOTE: The 'JRE' directory in the file path may reflect the specific JRE release installed.

STIG	Date
Java Runtime Environment (JRE) 6 STIG for UNIX	2012-07-23

Details

Check Text ( C-41481r3_chk )
Navigate to the 'deployment.properties' file for Java. usr\Java\jre\lib\deployment.properties If the key 'deployment.security.validation.ocsp' is not present, this is a finding. If the key 'deployment.security.validation.ocsp' is set to 'false', this is a finding.

Fix Text (F-37121r3_fix)
Enable the 'Enable online certificate validation' option. Navigate to the 'deployment.properties' file for Java. usr\Java\jre\lib\deployment.properties Add or update the key 'deployment.security.validation.ocsp' to be 'true'.