7.8 Ensure that CA certificates are rotated as appropriate

Information

You should rotate root CA certificates as appropriate.

Docker Swarm uses TLS for clustering operations between its nodes. Certificate rotation ensures that, in the event of a compromised node or key, it is difficult to impersonate a node. Node certificates depend upon root CA certificates, so for operational security it is important to rotate these frequently. Currently, root CA certificates are not rotated automatically; you should therefore establish a process for rotating them in line with your organizational security policy.

NOTE: Nessus has not performed this check. Please review the benchmark to ensure target compliance.

Solution

Run the command below to rotate the root CA certificate.

docker swarm ca --rotate

Impact:

None
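
Because root CA rotation is not automatic, the process can include a scheduled age check. The script below is an added example, not part of the benchmark or the audit plugin; the 90-day default, the function names and the --live switch are assumptions, and it needs GNU date and openssl.

```shell
#!/bin/sh
# Added example: flag a Swarm root CA that is older than the rotation window.
# MAX_AGE_DAYS is an assumed policy value; take the real one from your policy.
MAX_AGE_DAYS="${MAX_AGE_DAYS:-90}"

# Convert an openssl notBefore date (e.g. "Jan  1 00:00:00 2024 GMT") into
# whole days elapsed at time $2 (epoch seconds). Requires GNU date.
ca_age_days() {
    issued=$(date -u -d "$1" +%s) || return 2
    echo $(( ($2 - issued) / 86400 ))
}

# Return 0 when the CA is inside the window, 1 when rotation is due,
# 2 when the date could not be parsed.
rotation_status() {
    age=$(ca_age_days "$1" "$2") || return 2
    if [ "$age" -gt "$MAX_AGE_DAYS" ]; then
        echo "ROTATE: root CA is ${age} days old (limit ${MAX_AGE_DAYS})"
        return 1
    fi
    echo "OK: root CA is ${age} days old (limit ${MAX_AGE_DAYS})"
}

# Read the live root CA on a manager node. "docker swarm ca" without flags
# prints the current root CA certificate in PEM form.
check_swarm_ca() {
    not_before=$(docker swarm ca | openssl x509 -noout -startdate | cut -d= -f2)
    if [ -z "$not_before" ]; then
        echo "could not read the swarm root CA certificate" >&2
        return 2
    fi
    rotation_status "$not_before" "$(date -u +%s)"
}

# Run against the local swarm only when asked to, e.g. from cron:
#   MAX_AGE_DAYS=90 sh check_swarm_ca.sh --live
if [ "${1:-}" = "--live" ]; then
    check_swarm_ca
fi
```

A non-zero exit status can feed a monitoring alert or a ticket that leads to docker swarm ca --rotate.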

See Also

https://workbench.cisecurity.org/benchmarks/16041

Item Details

Category: IDENTIFICATION AND AUTHENTICATION

References: 800-53|IA-5(1), CSCv7|4.4

Plugin: Unix

Control ID: c96e10bb15e6042aa300d66cf068090fedd3f3e911042160bf605cf4d44e7d07