| Vuln ID | Severity | Asset | STIG | Title | Status | Doc Status | Assigned To | Actions |
|---|---|---|---|---|---|---|---|---|
| V-228355 | CAT II | MONT-MB-002 | Microsoft Exchange 2016 Mailbox Server S... | Exchange servers must use approved DoD certificate... | - | |||
Check Text: Open the Exchange Management Shell and enter the following command:

Get-ExchangeCertificate | Select CertificateDomains, issuer

If the value of "CertificateDomains" does not indicate it is issued by the DoD, this is a finding.

Fix Text: Remove the non-DoD certificate and import the correct DoD certificates.

Finding Details: Evaluate-STIG 1.2507.5 (Scan-MSExchange2016MB_Checks) found this to be OPEN on 10/23/2025

ResultHash: E93B95A4ADD9CAD25899E809C74CFE6B9B22C253

~~~~~

CertificateDomains: MONT-MB-002.MONTFORD-POINT.navy.mil
Subject: CN=MONT-MB-002.MONTFORD-POINT.navy.mil, OU=USN, OU=PKI, OU=DoD, O=U.S. Government, C=US
Issuer: CN=DOD SW CA-67, OU=PKI, OU=DoD, O=U.S. Government, C=US
Services: IMAP, POP
NotAfter: 06/12/2026 18:24:02
Thumbprint: 4474E394A46CBB595F7C2A2CF85C3E59BD4C84E6

CertificateDomains: mont-mb-002.montford-point.navy.mil, MONT-MB-002.MONTFORD-POINT.navy
Subject: CN=mont-mb-002.montford-point.navy.mil, OU=USN, OU=PKI, OU=DoD, O=U.S. Government, C=US
Issuer: CN=DOD SW CA-67, OU=PKI, OU=DoD, O=U.S. Government, C=US
Services: IMAP, POP, IIS, SMTP
NotAfter: 06/08/2026 18:52:58
Thumbprint: 76C9C9B1E8EECDDD4A3ECB0107EF19938933B161

CertificateDomains:
Subject: CN=Microsoft Exchange Server Auth Certificate
Issuer: CN=Microsoft Exchange Server Auth Certificate [Not DoD issued]
Services: SMTP
NotAfter: 04/22/2028 17:52:30
Thumbprint: 0E3F5680CCC5915CC6B67F86BEE0307E0B7C0DA2

CertificateDomains: MONT-MB-002, MONT-MB-002.MONTFORD-POINT.navy.mil
Subject: CN=MONT-MB-002
Issuer: CN=MONT-MB-002 [Not DoD issued]
Services: IMAP, POP, SMTP
NotAfter: 05/19/2028 17:51:07
Thumbprint: 3789117E46E20EB76C5406B7D0BCAE3C307F6BC3

CertificateDomains: WMSvc-SHA2-MONT-MB-002
Subject: CN=WMSvc-SHA2-MONT-MB-002
Issuer: CN=WMSvc-SHA2-MONT-MB-002 [Not DoD issued]
Services: None
NotAfter: 05/16/2033 17:33:20
Thumbprint: DF9858A0D9DDF8AEF88B8D4DFAC2C6EAB81DE294

Source: _Reviewed/MONT-MB-002/Checklist/MONT-MB-002_MSExchange2016MB_V2R6_20251023-152357.ckl
Scan Date: 2026-01-14T12:57:33.455034
Technology Area: Exchange Server