Home Applications Security Remediation SSL Certificates

SSL Certificates

This page serves as a central point of information regarding SSL certificate management for applications, devices, and operating systems. Administrators are encouraged to use the information on this page to help better secure their environments. Most of these procedures will remediate one or more Tenable plugins and therefore should help sites improve their monthly vulnerability management scores. Guidance on this page can also be used to address issues caused by recent changes relating to HTTP Strict Transport Security (HSTS). This page will be updated regularly as new procedures become available.

Requesting SSL Certificates

An SSL certificate signed by a valid certificate authority (CA) will need to be obtained from one of the three sources below, depending on need.

Active Directory Certificate Services

When to use: When an internal FQDN server or web application certificate is needed for name.gs.doi.net, name.usgs.gov, or name.xr.usgs.gov

Examples: IGSKMN907STEST10.gs.doi.net, IGSKMN907STEST10.cr.usgs.gov, TEST10.usgs.gov

Refer to AD Certificate Services for instructions on how to request a certificate using ADCS.

NatWeb Wildcard Certificates

When to use: When an internal or public wildcard web application certificate can be used

Examples: For any USGS website ending in the following*:

star.cr.usgs.gov
star.er.usgs.gov
star.usgs.gov
star.water.usgs.gov
star.waterdata.usgs.gov
star.wr.usgs.gov

* Note: Sites should use usgs.gov public facing sites instead of regional sites (xr.usgs.gov) whenever possible.

Use this form to request a wildcard SSL certificate form NatWeb.

DigiCert Certificates

When to use: When an internal or public standard registered domain name certificate is required.

Examples: samplesite.usgs.gov, IGSKMN907STEST10.usgs.gov.

Visit this page for more information on requesting a certificate from DigiCert.

ManageEngine EventLog Analyzer

Instructions for installing SSL certificates in EventLog Analyzer can be found here.

Microsoft IIS

Instructions for installing SSL certificates in Microsoft IIS can be found here.

Microsoft SQL Server

Instructions for installing SSL certificates in Microsoft SQL Server can be found here.

Microsoft Windows Server

Guidance on installing SSL certificates on Microsoft Windows Server can be found here.

VMware vCenter

Instructions for installing SSL certificates in VMware vCenter Server can be found under the “post-installation” section on this page.

Comments are closed.