The WebSphere Application Server must not generate LTPA keys automatically.

From IBM WebSphere Traditional V9.x Security Technical Implementation Guide

Part of SRG-APP-000428-AS-000265

Associated with: CCI-002475

SV-96095r1_rule The WebSphere Application Server must not generate LTPA keys automatically.

Vulnerability discussion

Automated LTPA key generation can create unplanned outages. Plan to change your LTPA keys during a scheduled outage. Distribute the new keys to all nodes in the cell and to all external systems/cells during this outage window.

Check content

If LTPA is not utilized, this is not applicable.

Request the documented process to manually regenerate the LTPA keys. The time period for regeneration must be defined, documented, and accepted by the ISSO but must be performed at least annually.

Navigate to Security >> SSL Certificate and Key Management >> Key set groups >> Cell LTPAKeySetGroup. If "Automatically generate keys" is checked, this is a finding.
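The console check above can also be run offline against an exported copy of the cell's security configuration. The following is an added example, not part of the STIG or IBM's tooling; it assumes the checkbox is persisted as an `autoGenerate` attribute on `keySetGroups` elements in `security.xml`, and it goes beyond the cell-level group by reporting every LTPA key set group it finds. The sample XML is constructed.

```python
import xml.etree.ElementTree as ET

# Constructed sample in the shape of a cell-level security.xml (assumed layout:
# <keySetGroups name="..." autoGenerate="true|false"/>); not from a real cell.
SAMPLE_SECURITY_XML = """<security:Security xmlns:xmi="http://www.omg.org/XMI"
    xmlns:security="http://example.invalid/constructed/security.xmi"
    xmi:id="Security_1" activeAuthMechanism="LTPA_1">
  <keySetGroups xmi:id="KeySetGroup_1" name="CellLTPAKeySetGroup"
      autoGenerate="true" keySets="KeySet_1 KeySet_2"/>
  <keySetGroups xmi:id="KeySetGroup_2" name="NodeLTPAKeySetGroup"
      autoGenerate="false" keySets="KeySet_3 KeySet_4"/>
  <keySetGroups xmi:id="KeySetGroup_3" name="OtherLTPAKeySetGroup"
      keySets="KeySet_5"/>
</security:Security>
"""


def audit_ltpa_key_set_groups(xml_text):
    """Return {group name: status} for every LTPA key set group.

    FINDING = automatic generation on, PASS = off, REVIEW = attribute
    absent, so the effective value must be confirmed in the console.
    """
    results = {}
    root = ET.fromstring(xml_text)
    for group in root.iter("keySetGroups"):
        name = group.get("name", "")
        if "LTPA" not in name.upper():
            continue  # key set groups unrelated to LTPA are out of scope
        flag = group.get("autoGenerate")
        if flag is None:
            results[name] = "REVIEW"
        elif flag.strip().lower() == "true":
            results[name] = "FINDING"
        else:
            results[name] = "PASS"
    return results


def has_finding(xml_text):
    """True when any LTPA key set group still generates keys automatically."""
    return "FINDING" in audit_ltpa_key_set_groups(xml_text).values()


if __name__ == "__main__":
    report = audit_ltpa_key_set_groups(SAMPLE_SECURITY_XML)
    for name, status in sorted(report.items()):
        print("%-22s %s" % (name, status))
```

A REVIEW result is deliberately not treated as a pass: when the attribute is missing from the file, the console remains the authoritative check.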

Fix text

Navigate to Security >> SSL Certificate and Key Management >> Key set groups >> Cell LTPAKeySetGroup. Uncheck "Automatically generate keys". Click "OK". Click "Save". Restart the "Deployment Manager".
