STIGQter: STIG Summary: VMware vSphere 6.7 vCenter Security Technical Implementation Guide, Version 1, Release 1, Benchmark Date: 09 Mar 2021

The vCenter Server Machine SSL certificate must be issued by a DoD certificate authority.

DISA Rule

SV-243113r719582_rule

Vulnerability Number

V-243113

Group Title

SRG-APP-000516

Rule Version

VCTR-67-000058

Severity

CAT II

CCI(s)

Weight

10

Fix Recommendation

Obtain a DoD-issued certificate and private key for each vCenter in the system, following these requirements:

Key size: 2048 bits or more (PEM encoded)
CRT format (Base-64)
x509 version 3
SubjectAltName must contain DNS Name=<machine_FQDN>
Contains the following Key Usages: Digital Signature, Non Repudiation, Key Encipherment

Ensure that the certificate includes all intermediates and root certificates. If it does not, export the entire certificate issuing chain up to the root in Base-64 format and concatenate the individual certificates onto the issued certificate.

From the vSphere Client, go to Administration >> Certificates >> Certificate Management >> Machine SSL Certificate.

Click Actions >> Replace.

Supply the CA-issued certificate with the exported roots file and the private key.

Click "Replace".

Check Contents

From the vSphere Client, go to Administration >> Certificates >> Certificate Management >> Machine SSL Certificate.

Click "View Details".

Examine the "Issuer Information" block.

If the issuer specified is not a DoD-approved certificate authority (or another AO-approved CA), this is a finding.
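An added example, not part of the STIG or of STIGQter, that checks a PEM-encoded Machine SSL certificate against the certificate requirements in the Fix Recommendation (key size, x509 version, SubjectAltName, key usages) and the issuer requirement in the Check Contents above, using only the Go standard library. The FQDN, the approved-issuer list and the self-signed sample certificate it builds are constructed placeholders; the list of DoD/AO-approved CAs is site-specific and is passed in.

```go
package main

import (
	"crypto/rand"
	"crypto/rsa"
	"crypto/x509"
	"encoding/pem"
	"math/big"
	"time"
)
const requiredUsage = x509.KeyUsageDigitalSignature | x509.KeyUsageContentCommitment | x509.KeyUsageKeyEncipherment // Digital Signature, Non Repudiation (ContentCommitment in Go), Key Encipherment
// CheckMachineSSLCert returns one finding per VCTR-67-000058 requirement the PEM certificate fails; approvedIssuers holds the site's DoD / AO-approved issuing CA common names (an input here, since the approved list is site-specific).
func CheckMachineSSLCert(certPEM []byte, fqdn string, approvedIssuers map[string]bool) (findings []string) {
	block, _ := pem.Decode(certPEM)
	if block == nil {
		return []string{"not a Base-64 (PEM) encoded certificate"}
	}
	cert, err := x509.ParseCertificate(block.Bytes)
	if err != nil {
		return []string{"certificate does not parse: " + err.Error()}
	}
	if cert.Version != 3 {
		findings = append(findings, "not an x509 version 3 certificate")
	}
	if key, ok := cert.PublicKey.(*rsa.PublicKey); !ok || key.N.BitLen() < 2048 {
		findings = append(findings, "public key is not RSA of at least 2048 bits")
	}
	hasFQDN := false
	for _, name := range cert.DNSNames { // SubjectAltName DNS Name entries, matched exactly
		hasFQDN = hasFQDN || name == fqdn
	}
	if !hasFQDN {
		findings = append(findings, "SubjectAltName lacks DNS Name="+fqdn)
	}
	if cert.KeyUsage&requiredUsage != requiredUsage {
		findings = append(findings, "key usage lacks Digital Signature, Non Repudiation or Key Encipherment")
	}
	if !approvedIssuers[cert.Issuer.CommonName] {
		findings = append(findings, "issuer "+cert.Issuer.CommonName+" is not an approved CA")
	}
	return findings
}
// SampleCert builds a self-signed certificate as constructed test input with the given RSA size, SAN names and key usages.
func SampleCert(bits int, dns []string, usage x509.KeyUsage) []byte {
	key, _ := rsa.GenerateKey(rand.Reader, bits)
	tmpl := &x509.Certificate{SerialNumber: big.NewInt(1), KeyUsage: usage, DNSNames: dns, NotBefore: time.Now(), NotAfter: time.Now().Add(24 * time.Hour)}
	tmpl.Subject.CommonName = "PLACEHOLDER-ISSUING-CA" // self-signed, so the issuer name is this placeholder too
	der, _ := x509.CreateCertificate(rand.Reader, tmpl, tmpl, &key.PublicKey, key)
	return pem.EncodeToMemory(&pem.Block{Type: "CERTIFICATE", Bytes: der})
}
```

Feed the exported Machine SSL certificate's PEM bytes to CheckMachineSSLCert with the site's approved issuer names; an empty result means every listed requirement was met, while completeness of the intermediate and root chain is outside what this function checks.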

Documentable

False

Severity Override Guidance

Check Content Reference

M

Target Key

5399

Comments