Rule ID
SV-273838r1110850_rule
Version
V1R1
For user certificates, each organization obtains certificates from an approved, shared service provider, as required by OMB policy. For federal agencies operating a legacy public key infrastructure cross-certified with the Federal Bridge Certification Authority at medium assurance or higher, this certification authority will suffice.
Review the certificate used by the system using the command:
SSH@ICX# show ip ssl device-certificate
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 3488150 (0x353996)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=RuckusPKI-DeviceSubCA-2, O=Ruckus Wireless Inc., L=Sunnyvale, ST=California, C=US
Validity
Not Before: Jun 9 09:40:52 2023 GMT
Not After : Jun 9 09:40:52 2048 GMT
Subject: CN=SN-FNNxxxxxxxx, O=Ruckus Wireless Inc., L=Sunnyvale, ST=California, C=US
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
Public-Key: (2048 bit)
Modulus:
00:c5:c0:60:9a:cb:4a:a3:9f:fb:63:c6:21:c2:55:
1f:66:95:f2:9a:fb:eb:37:33:d1:73:28:4b:14:8a:
...
If the certificate is not from an approved service provider, this is a finding.Load an approved certificate onto the system: ICX# copy scp flash x.x.x.x client_cert.pem ssl-client-cert ICX# copy scp flash x.x.x.x client_cert.key.pem ssl-client-private-key ICX# copy scp flash x.x.x.x root_cert.pem ssl-trust-cert