Finding ID | Version | Rule ID | IA Controls | Severity |
---|---|---|---|---|
V-224991 | WN16-DC-000280 | SV-224991r569186_rule | Medium |
Description |
---|
Domain controllers are part of the chain of trust for PKI authentications. Without the appropriate certificate, the authenticity of the domain controller cannot be verified. Domain controllers must have a server certificate to establish authenticity as part of PKI authentications in the domain. |
STIG | Date |
---|---|
Microsoft Windows Server 2016 Security Technical Implementation Guide | 2020-10-15 |
Check Text ( C-26682r465875_chk ) |
---|
This applies to domain controllers. It is NA for other systems. Run "MMC". Select "Add/Remove Snap-in" from the "File" menu. Select "Certificates" in the left pane and click the "Add >" button. Select "Computer Account" and click "Next". Select the appropriate option for "Select the computer you want this snap-in to manage" and click "Finish". Click "OK". Select and expand the Certificates (Local Computer) entry in the left pane. Select and expand the Personal entry in the left pane. Select the Certificates entry in the left pane. If no certificate for the domain controller exists in the right pane, this is a finding. |
Fix Text (F-26670r465876_fix) |
---|
Obtain a server certificate for the domain controller. |