| Hostname | IP Address | Status | Assigned To | Last Scan | Actions |
|---|---|---|---|---|---|
| MONT-MB-002 | 164.231.187.36 | 2026-01-14 | |||
Finding DetailsEvaluate-STIG 1.2507.5 (Scan-MSExchange2016MB_Checks) found this to be OPEN on 10/23/2025 ResultHash: E93B95A4ADD9CAD25899E809C74CFE6B9B22C253 ~~~~~ CertificateDomains: MONT-MB-002.MONTFORD-POINT.navy.mil Subject: CN=MONT-MB-002.MONTFORD-POINT.navy.mil, OU=USN, OU=PKI, OU=DoD, O=U.S. Government, C=US Issuer: CN=DOD SW CA-67, OU=PKI, OU=DoD, O=U.S. Government, C=US Services: IMAP, POP NotAfter: 06/12/2026 18:24:02 Thumbprint: 4474E394A46CBB595F7C2A2CF85C3E59BD4C84E6 CertificateDomains: mont-mb-002.montford-point.navy.mil, MONT-MB-002.MONTFORD-POINT.navy Subject: CN=mont-mb-002.montford-point.navy.mil, OU=USN, OU=PKI, OU=DoD, O=U.S. Government, C=US Issuer: CN=DOD SW CA-67, OU=PKI, OU=DoD, O=U.S. Government, C=US Services: IMAP, POP, IIS, SMTP NotAfter: 06/08/2026 18:52:58 Thumbprint: 76C9C9B1E8EECDDD4A3ECB0107EF19938933B161 CertificateDomains: Subject: CN=Microsoft Exchange Server Auth Certificate Issuer: CN=Microsoft Exchange Server Auth Certificate [Not DoD issued] Services: SMTP NotAfter: 04/22/2028 17:52:30 Thumbprint: 0E3F5680CCC5915CC6B67F86BEE0307E0B7C0DA2 CertificateDomains: MONT-MB-002, MONT-MB-002.MONTFORD-POINT.navy.mil Subject: CN=MONT-MB-002 Issuer: CN=MONT-MB-002 [Not DoD issued] Services: IMAP, POP, SMTP NotAfter: 05/19/2028 17:51:07 Thumbprint: 3789117E46E20EB76C5406B7D0BCAE3C307F6BC3 CertificateDomains: WMSvc-SHA2-MONT-MB-002 Subject: CN=WMSvc-SHA2-MONT-MB-002 Issuer: CN=WMSvc-SHA2-MONT-MB-002 [Not DoD issued] Services: None NotAfter: 05/16/2033 17:33:20 Thumbprint: DF9858A0D9DDF8AEF88B8D4DFAC2C6EAB81DE294 Comments |
|||||
Check Text
Open the Exchange Management Shell and enter the following command: Get-ExchangeCertificate | Select CertificateDomains, issuer If the value of "CertificateDomains" does not indicate it is issued by the DoD, this is a finding.
Fix Text
Remove the non-DoD certificate and import the correct DoD certificates.