|Finding ID||Version||Rule ID||IA Controls||Severity|
|V-13672||WG145 IIS6||SV-28796r1_rule||IATS-1 IATS-2||Medium|
|Without the use of a certificate validation process, the site is vulnerable to accepting expired or revoked certificates. This would allow unauthorized individuals access to the web server. This also defeats the purpose of the multi-factor authentication provided by the PKI process.|
|Check Text ( C-37412r1_chk )|
| 1. Select Start > Select Run > Enter the path to the Metabase.xml file (default is %systemroot\system32\inetsrv\Metabase.xml) |
2. Select Cntrl+F > Enter CertCheckMode.
3. Ensure ServerComment property, a few lines after the CertCheckMode property, contains the name of the web site being reviewed.
3. Verify this property is set to 0.
If the value of this property is not set to 0, this is a finding.
NOTE: The value for this parameter defaults to 0, which means the CRL checking is enabled. So, if the web site being reviewed is missing this parameter, this would not be a finding.
NOTE: If the property exists in both the server location, LM/W3SVC/CertCheckMode, and at the site level, W3SVC/(site name)/CertCheckMode, the value at the site will override the value at the server level. So, in this case, if the server is set to 0, and the site is set to 1, it would be a finding for the site being reviewed.
|Fix Text (F-32648r1_fix)|
|Configure the DoD Private Web Server to conduct certificate revocation checking.|