Finding ID | Version | Rule ID | IA Controls | Severity |
---|---|---|---|---|
V-237434 | SCOM-CM-000003 | SV-237434r643948_rule | Low |
Description |
---|
Web certificates should always be signed by a trusted signer and never self-signed. |
STIG | Date |
---|---|
Microsoft SCOM Security Technical Implementation Guide | 2021-03-15 |
Check Text ( C-40653r643946_chk ) |
---|
From the web console server, open IIS. Right-click on the Default Website and choose Edit Bindings. Select the https binding and click edit. Click View to view the certificate being used to protect the website. If the certificate is not issued by a DoD CA or a trusted internal CA, this is a finding. |
Fix Text (F-40616r643947_fix) |
---|
Issue a web corticated from a trusted internal CA server as this will be required for https protocols to function properly. It will need to be installed on the server in advance. From the SCOM web console server, open IIS. Right-click on the Default Website and choose edit bindings. Click on the https binding and click edit. For the SSL certificate drop down, choose the new certificate. Click OK. Test https access to the SCOM web console and troubleshoot if connectivity is not working. Once connectivity is established, delete the http binding. |