STIGQter: STIG Summary: IBM MQ Appliance v9.0 NDM Security Technical Implementation Guide Version: 1 Release: 1 Benchmark Date: 05 Jun 2017: STIGQter: STIG Summary: IBM MQ Appliance v9.0 NDM Security Technical Implementation Guide Version: 1 Release: 1 Benchmark Date: 05 Jun 2017:SV-89697r1_rule
V-75023
SRG-APP-000516-NDM-000344
MQMH-ND-001520
CAT II
10
Obtain MQ Appliance and client certs from an approved CA or ECA as required by DoD policy.
Log on to the MQ Appliance WebGUI as a privileged user.
Import approved certs to the cert directory:
- Click on the Administration (gear) icon.
- Under Main, click on File Management.
- Click cert directory.
- Click Actions.
- Upload files.
- Browse to select MQ Appl cert.
- Add.
- Browse to select client cert.
- Add.
- [Repeat Browse and Add for all desired client certs.]
- Upload.
- Continue.
Create cert aliases for use in MQ Appliance configurations (CLI). Enter:
co
crypto
certificate <MQAppliance CryptoCert alias> cert:///<MQAppl cert file name>
certificate <client CryptoCert alias> cert:///<client cert file name>
[Repeat certificate command for any additional client certs.]
exit
write mem
y
Log on to the MQ Appliance CLI as a privileged user. To verify certs, enter:
co
crypto
show certificate [lists all defined cert aliases]
Verify the following:
All certificate aliases point to standard DoD cert files and none are self-generated.
If the certificates were not generated by a DoD approved CA, or if they are self-signed certificates, this is a finding.
V-75023
False
MQMH-ND-001520
Log on to the MQ Appliance CLI as a privileged user. To verify certs, enter:
co
crypto
show certificate [lists all defined cert aliases]
Verify the following:
All certificate aliases point to standard DoD cert files and none are self-generated.
If the certificates were not generated by a DoD approved CA, or if they are self-signed certificates, this is a finding.
M
3243