UCF STIG Viewer Logo
Changes are coming to https://stigviewer.com. Take our survey to help us understand your usage and how we can better serve you in the future.
Take Survey

One or more SMTP Virtual Servers do not have a Valid Certificate.


Overview

Finding ID Version Rule ID IA Controls Severity
V-18762 EMG2-133 Exch2K3 SV-20455r1_rule IAKM-2 High
Description
Server certificates are required for many security features in Exchange, and without them the server cannot engage in many forms of secure communication. Certificates must be manually installed on each virtual server. This means that installing a certificate on one SMTP Virtual Server does not give other SMTP Virtual Servers (or virtual servers of any other protocol) access to this certificate. However, once a certificate is installed on one virtual server, any other virtual server (regardless of protocol used) may easily be configured to use this certificate by selecting “Assign an existing certificate” in the first page of the Wizard. Install certificates on this virtual server. Without it, many other recommendations in this document concerning secure communication will be impossible. For highest security assurance, each virtual server should have its own certificate that it does not share with other servers. This reduces the damage due to server compromises and provides per-server identification. Failure to implement this recommendation makes it virtually impossible to secure Exchange's communications. Use of any virtual server that has not been given a certificate should be considered a highly insecure action.
STIG Date
Microsoft Exchange Server 2003 2014-08-19

Details

Check Text ( C-22477r1_chk )
Validate that Virtual Server certificates are installed for each SMTP Virtual Server.

Procedure: Exchange System Manager >> Administrative Groups >> [administrative group] >> servers >> [server] >> Protocols >> SMTP >> [specific SMTP server] >> Properties >> Access tab >> Secure Communication tab

Select the “Wizard” button to create and install a certificate. View the certificate details.

Criteria: If the SMTP virtual servers have a valid DoD-Issued certificate, this is not a finding.
Fix Text (F-19415r1_fix)
Obtain vaid DoD server certificates for SMTP services. For each SMTP virtual server, install a certificate.

Procedure: Exchange System Manager >> Administrative Groups >> [administrative group] >> Servers >> [server] >> Protocols >> SMTP >> [specific SMTP server] >> Properties >> Access Tab >> Secure Communication Tab

Select the “Wizard” button to install the certificate.