| CCE-82057-1 |
Enable Shared System Certificates |
enable |
via update-ca-trust |
The Shared System Certificates store makes NSS, GnuTLS, OpenSSL, and Java share a default source for retrieving system certificate anchors and blacklist information. Firefox has the capability of using this centralized store for its CA certificates. If the Shared System Certificates store is disabled, it can be enabled by running the following command: $ sudo update-ca-trust enable |
The DOD root certificate will ensure that the trust chain is established for server certificates issued from the DOD CA. |
medium |
AC-10 |
NaN |
NaN |
NaN |
The DoD Root Certificate Is Required |
| CCE-82056-3 |
The DoD Root Certificate Exists |
configure |
via update-ca-trust |
The DoD root certificate should be installed in the Shared System Certificates store for Firefox to be able to access the DoD certificate. To install the root certificated into the Shared System Certificates store, copy the DoD root certificate into /etc/pki/ca-trust/source/anchors. Once the file is copied, run the following command: $ sudo update-ca-trust extract |
The DOD root certificate will ensure that the trust chain is established for server certificates issued from the DOD CA. |
medium |
AC-10 |
NaN |
NaN |
NaN |
The DoD Root Certificate Is Required |