UCF STIG Viewer Logo

The option to enable online certificate validation must be enabled.


Finding ID Version Rule ID IA Controls Severity
V-32832 JRE0040-UX SV-43618r1_rule Medium
Online certificate validation provides a real-time option to validate a certificate. When enabled, if a certificate is presented, the status of the certificate is requested. The status is sent back as 'current', 'expired', or 'unknown'. Online certificate validation provides a greater degree of validation of certificates when running a signed Java applet. Permitting execution of an applet with an invalid certificate may result in malware execution , system modification, invasion of privacy, and denial of service. NOTE: The 'JRE' directory in the file path may reflect the specific JRE release installed.
Java Runtime Environment (JRE) Version 7 STIG for Unix 2013-03-11


Check Text ( C-41481r7_chk )
Navigate to the 'deployment.properties' file for Java.

Examine the deployment.properties file for the 'deployment.security.validation.ocsp' key. If the 'deployment.security.validation.ocsp' key is not present, this is a finding.

If the key 'deployment.security.validation.ocsp' is set to 'false', this is a finding.
Fix Text (F-37121r5_fix)
Enable the 'Enable online certificate validation' option.
Navigate to the 'deployment.properties' file for Java.
Add or update the key
'deployment.security.validation.ocsp' to be 'true'.