The RUCKUS ICX device must obtain its public key certificates from an appropriate certificate policy through an approved service provider.
Overview
| Finding ID | Version | Rule ID | IA Controls | Severity |
| V-273838 | RCKS-NDM-000950 | SV-273838r1110850_rule | CCI-000366 | medium |
| Description | ||||
| For user certificates, each organization obtains certificates from an approved, shared service provider, as required by OMB policy. For federal agencies operating a legacy public key infrastructure cross-certified with the Federal Bridge Certification Authority at medium assurance or higher, this certification authority will suffice. | ||||
| STIG | Date | |||
| RUCKUS ICX NDM Security Technical Implementation Guide | 2025-05-28 | |||
Details
Check Text (C-273838r1110850_chk)
Review the certificate used by the system using the command:
SSH@ICX# show ip ssl device-certificate
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 3488150 (0x353996)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=RuckusPKI-DeviceSubCA-2, O=Ruckus Wireless Inc., L=Sunnyvale, ST=California, C=US
Validity
Not Before: Jun 9 09:40:52 2023 GMT
Not After : Jun 9 09:40:52 2048 GMT
Subject: CN=SN-FNNxxxxxxxx, O=Ruckus Wireless Inc., L=Sunnyvale, ST=California, C=US
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
Public-Key: (2048 bit)
Modulus:
00:c5:c0:60:9a:cb:4a:a3:9f:fb:63:c6:21:c2:55:
1f:66:95:f2:9a:fb:eb:37:33:d1:73:28:4b:14:8a:
...
If the certificate is not from an approved service provider, this is a finding.
Fix Text (F-77834r1110694_fix)
Load an approved certificate onto the system:
ICX# copy scp flash x.x.x.x client_cert.pem ssl-client-cert
ICX# copy scp flash x.x.x.x client_cert.key.pem ssl-client-private-key
ICX# copy scp flash x.x.x.x root_cert.pem ssl-trust-cert