{"description": "Configure the web site to use a valid organizationally defined certificate.\nFor DoD, this is a DoD server certificate issued by the DoD CA.", "rationale": "This check verifies that the hosted web site's certificate was issued by the DoD CA\nand is actually a DoD-issued server certificate used by the organization being\nreviewed. The certificate is used to verify the authenticity of the web site to the user.\nIf the certificate is not for the server (Certificate belongs to), if the\ncertificate is not issued by DoD (Certificate was issued by), or if the current\ndate is not within the validity period (Certificate is valid from), then there\nis no assurance that the use of the certificate is valid. The entire purpose of\nusing a certificate is, therefore, compromised.", "severity": "medium", "references": {}, "control_references": {}, "components": [], "identifiers": {}, "ocil_clause": "it is not", "ocil": "Open a browser window and browse to the appropriate site. Before entry to the\nsite, you should be presented with the server's PKI credentials. Review\nthese credentials for authenticity.\n<br /><br />\nFor DoD, find an entry which cites:\n<pre>\nIssuer:\nCN =\nDOD CLASS 3 CA-3\nOU = PKI\nOU = DoD\nO = U.S. Government\nC = US\n</pre>", "oval_external_content": null, "fixtext": "", "checktext": "", "vuldiscussion": "", "srg_requirement": "", "warnings": [], "conflicts": [], "requires": [], "policy_specific_content": {}, "platform": null, "platforms": [], "sce_metadata": {}, "inherited_platforms": [], "cpe_platform_names": [], "inherited_cpe_platform_names": [], "bash_conditional": null, "fixes": {}, "title": "Configure A Valid Server Certificate", "definition_location": "/aptdata/openscap/scap-security-guide/linux_os/guide/services/http/securing_httpd/httpd_modules_improve_security/httpd_deploy_mod_ssl/httpd_configure_valid_server_cert/rule.yml", "template": null}