UCF STIG Viewer Logo

Exchange Servers must use approved DoD certificates.


Overview

Finding ID Version Rule ID IA Controls Severity
V-69725 EX13-CA-000030 SV-84347r1_rule Medium
Description
Server certificates are required for many security features in Exchange; without them the server cannot engage in many forms of secure communication. Failure to implement valid certificates makes it virtually impossible to secure Exchange's communications.
STIG Date
MS Exchange 2013 Client Access Server Security Technical Implementation Guide 2019-12-18

Details

Check Text ( C-70167r1_chk )
Open the Exchange Management Shell and enter the following command:

Get-ExchangeCertificate | Select CertificateDomains, issuer

If the value of CertificateDomains does not indicate it is issued by the DoD, this is a finding.
Fix Text (F-75929r1_fix)
Remove the non-DoD certificate and import the correct DoD certificates.