The RUCKUS ICX device must obtain its public key certificates from an appropriate certificate policy through an approved service provider.
Severity | Group ID | Group Title | Version | Rule ID | Date | STIG Version |
|---|---|---|---|---|---|---|
| medium | V-273838 | SRG-APP-000516-NDM-000344 | RCKS-NDM-000950 | SV-273838r1110850_rule | 2025-05-28 | 1 |
| Description |
|---|
| For user certificates, each organization obtains certificates from an approved, shared service provider, as required by OMB policy. For federal agencies operating a legacy public key infrastructure cross-certified with the Federal Bridge Certification Authority at medium assurance or higher, this certification authority will suffice. |
| ℹ️ Check |
|---|
| Review the certificate used by the system using the command: SSH@ICX# show ip ssl device-certificate Certificate: Data: Version: 3 (0x2) Serial Number: 3488150 (0x353996) Signature Algorithm: sha256WithRSAEncryption Issuer: CN=RuckusPKI-DeviceSubCA-2, O=Ruckus Wireless Inc., L=Sunnyvale, ST=California, C=US Validity Not Before: Jun 9 09:40:52 2023 GMT Not After : Jun 9 09:40:52 2048 GMT Subject: CN=SN-FNNxxxxxxxx, O=Ruckus Wireless Inc., L=Sunnyvale, ST=California, C=US Subject Public Key Info: Public Key Algorithm: rsaEncryption Public-Key: (2048 bit) Modulus: 00:c5:c0:60:9a:cb:4a:a3:9f:fb:63:c6:21:c2:55: 1f:66:95:f2:9a:fb:eb:37:33:d1:73:28:4b:14:8a: ... If the certificate is not from an approved service provider, this is a finding. |
| ✔️ Fix |
|---|
| Load an approved certificate onto the system: ICX# copy scp flash x.x.x.x client_cert.pem ssl-client-cert ICX# copy scp flash x.x.x.x client_cert.key.pem ssl-client-private-key ICX# copy scp flash x.x.x.x root_cert.pem ssl-trust-cert |