The Nokia router must obtain its public key certificates from an appropriate certificate policy through an approved service provider.
Overview
| Finding ID | Version | Rule ID | IA Controls | Severity |
| V-283787 | NOKI-ND-000920 | SV-283787r1203406_rule | CCI-000366 | medium |
| Description | ||||
| The aggregation of log data kept on a syslog server can be used to detect attacks and trigger an alert to the appropriate security personnel. The stored log data can be used to detect weaknesses in security that enable the network Information Assurance team to find and address these weaknesses before breaches can occur. Reviewing these logs, whether before or after a security breach, is important in showing whether someone is an internal employee or outside threat. | ||||
| STIG | Date | |||
| Nokia Service Router OS 25.x Network Device Management Security Technical Implementation Guide | 2026-06-15 | |||
Details
Check Text (C-283787r1203406_chk)
Determine if the Nokia router obtains public key certificates from an appropriate certificate policy through an approved service provider.
Use the command below for certificate-authority profile information:
- show certificate ca-profile
Max Cert Chain Depth: 7 (default)
Certificate Display Format: 1 ASCII
CA Profile
CA Profile Admin Oper Cert File CRL File
State State
CA0 up up CA1-00cert.der CA1-00crl.der
CA1 up up CA1-01cert.der CA1-01crl.der
CA2 up up CA1-02cert.der CA1-02crl.der
CA3 up up CA1-03cert.der CA1-03crl.der
CA4 up up CA1-04cert.der CA1-04crl.der
CA5 up up rsa_sha512_1024_0cert.d* rsa_sha512_1024_0crl.der
CA6 up up rsa_sha512_1024_1cert.d* rsa_sha512_1024_1crl.der
CA7 up up rsa_sha512_1024_2cert.d* rsa_sha512_1024_2crl.der
CA8 up up rsa_sha512_1024_3cert.d* rsa_sha512_1024_3crl.der
CA9 up up rsa_sha512_1024_4cert.d* rsa_sha512_1024_4crl.der
CA10 up up rsa_sha512_1024_5cert.d* rsa_sha512_1024_5crl.der
CA11 up up rsa_sha384_1024_0cert.d* rsa_sha384_1024_0crl.der
CA12 up up rsa_sha384_1024_1cert.d* rsa_sha384_1024_1crl.der
CA13 up up rsa_sha384_1024_2cert.d* rsa_sha384_1024_2crl.der
CA14 up up rsa_sha384_1024_3cert.d* rsa_sha384_1024_3crl.der
CA15 up up rsa_sha384_1024_4cert.d* rsa_sha384_1024_4crl.der
CA16 up up rsa_sha384_1024_5cert.d* rsa_sha384_1024_5crl.der
CMPv2 up up rsaCMPv2cert.der rsaCMPv2CRL.der
Entries found: 18
If the Nokia router does not obtain its public key certificates from an appropriate certificate policy through an approved service provider, this is a finding.
Fix Text (F-88257r1203405_fix)
Configure the Nokia router to obtain its public key certificates from an appropriate certificate policy through an approved service provider.
Generate a key pair using the command below:
- admin certificate gen-keypair
Generate a PKCS#10 certificate signing request with the key generated in the previous step (optionally an FQDN or IP address can be specified):
- admin certificate gen-local-cert-req keypair <url-string> subject-dn <subject-dn> file <url-string>
Import the key file:
- admin certificate import type z,type> input <url-string> output <file name> format <format>
Import the resulting certificate:
- admin certificate import