The RUCKUS ICX device must obtain its public key certificates from an appropriate certificate policy through an approved service provider.

For user certificates, each organization obtains certificates from an approved, shared service provider, as required by OMB policy. For federal agencies operating a legacy public key infrastructure cross-certified with the Federal Bridge Certification Authority at medium assurance or higher, this certification authority will suffice.

Review the certificate used by the system using the command: SSH@ICX# show ip ssl device-certificate Certificate: Data: Version: 3 (0x2) Serial Number: 3488150 (0x353996) Signature Algorithm: sha256WithRSAEncryption Issuer: CN=RuckusPKI-DeviceSubCA-2, O=Ruckus Wireless Inc., L=Sunnyvale, ST=California, C=US Validity Not Before: Jun 9 09:40:52 2023 GMT Not After : Jun 9 09:40:52 2048 GMT Subject: CN=SN-FNNxxxxxxxx, O=Ruckus Wireless Inc., L=Sunnyvale, ST=California, C=US Subject Public Key Info: Public Key Algorithm: rsaEncryption Public-Key: (2048 bit) Modulus: 00:c5:c0:60:9a:cb:4a:a3:9f:fb:63:c6:21:c2:55: 1f:66:95:f2:9a:fb:eb:37:33:d1:73:28:4b:14:8a: ... If the certificate is not from an approved service provider, this is a finding.

Load an approved certificate onto the system: ICX# copy scp flash x.x.x.x client_cert.pem ssl-client-cert ICX# copy scp flash x.x.x.x client_cert.key.pem ssl-client-private-key ICX# copy scp flash x.x.x.x root_cert.pem ssl-trust-cert