STIGhubSTIGhub
STIGsRMF ControlsCompare
STIGhub— A free STIG search and compliance tool·STIGs updated 3 days ago
Powered by Pylon·Privacy·Terms·© 2026 Beacon Cloud Solutions, Inc.
← Back to Microsoft Windows Server 2025 Security Technical Implementation Guide

V-278159

CAT II (Medium)

Windows Server 2025 domain controllers must have a PKI server certificate.

Rule ID

SV-278159r1182124_rule

STIG

Microsoft Windows Server 2025 Security Technical Implementation Guide

Version

V1R1

CCIs

CCI-000185

Discussion

Domain controllers are part of the chain of trust for PKI authentications. Without the appropriate certificate, the authenticity of the domain controller cannot be verified. Domain controllers must have a server certificate to establish authenticity as part of PKI authentications in the domain.

Check Content

This applies to domain controllers. It is not applicable for other systems.

Run "MMC".

Select "Add/Remove Snap-in" from the "File" menu.

Select "Certificates" in the left pane, and then click "Add >".

Select "Computer Account", and then click "Next".

Select the appropriate option for "Select the computer you want this snap-in to manage", and then click "Finish".

Click "OK".

Select and expand the "Certificates (Local Computer)" entry in the left pane.

Select and expand the "Personal" entry in the left pane.

Select the "Certificates" entry in the left pane.

If no certificate for the domain controller exists in the right pane, this is a finding.

Fix Text

Obtain a server certificate for the domain controller.