Ssl

無法在 Cisco WLC 上安裝鍊式 SSL WebAuth 證書

  • May 26, 2017

我在 Cisco WLC 2504 控制器上安裝 StartCom 的用於 WebAuth 的 SSL 證書時遇到問題。它有7.2.103.0軟體版本。

我已經完成了Cisco 指南中描述的所有步驟,但它顯示“安裝證書時出錯”。是的,我確定證書的順序是正確的(設備、中間件、根)。是的,我有此證書的有效密鑰。我使用了 OpenSSL 版本0.9.8,按照 Cisco 的建議從 Sourceforge 下載。沒有什麼幫助。我在下面提供了 TFTP 事務的日誌。

Mode............................................. TFTP
Data Type........................................ Site Cert
TFTP Server IP................................... 172.16.10.5
TFTP Packet Timeout.............................. 6
TFTP Max Retries................................. 10
TFTP Path........................................ /
TFTP Filename.................................... wlc.pem

This may take some time.
Are you sure you want to start? (y/N) y
*TransferTask: Oct 13 23:08:29.319: Memory overcommit policy changed from 0 to 1
*TransferTask: Oct 13 23:08:29.647: Delete ramdisk for ap bundle
*TransferTask: Oct 13 23:08:29.897: RESULT_STRING: TFTP Webauth cert transfer starting.
*TransferTask: Oct 13 23:08:29.898: RESULT_CODE:1

TFTP Webauth cert transfer starting.
*emWeb: Oct 13 23:08:32.318: Still waiting!  Status = 2
*TransferTask: Oct 13 23:08:33.906: Locking tftp semaphore, pHost=172.16.10.5 pFilename=/wlc.pem
*TransferTask: Oct 13 23:08:33.907: Semaphore locked, now unlocking, pHost=172.16.10.5 pFilename=/wlc.pem
*TransferTask: Oct 13 23:08:33.907: Semaphore successfully unlocked, pHost=172.16.10.5 pFilename=/wlc.pem
*TransferTask: Oct 13 23:08:33.908: TFTP: Binding to remote=172.16.10.5
*TransferTask: Oct 13 23:08:33.950: TFP End: 10021 bytes transferred (0 retransmitted packets)
*TransferTask: Oct 13 23:08:33.951: tftp rc=0, pHost=172.16.10.5 pFilename=/wlc.pem pLocalFilename=cert.p12

*TransferTask: Oct 13 23:08:33.951: RESULT_STRING: TFTP receive complete... Installing Certificate.

TFTP receive complete... Installing Certificate.
*TransferTask: Oct 13 23:08:33.951: RESULT_CODE:13
*emWeb: Oct 13 23:08:35.317: Still waiting!  Status = 2
*TransferTask: Oct 13 23:08:37.953: Adding cert (9941 bytes) with certificate key password.
*emWeb: Oct 13 23:08:38.317: Still waiting!  Status = 1
*emWeb: Oct 13 23:08:41.317: Still waiting!  Status = 1
*TransferTask: Oct 13 23:08:42.540: RESULT_STRING: Error installing certificate.
*TransferTask: Oct 13 23:08:42.540: RESULT_CODE:12

*TransferTask: Oct 13 23:08:42.541: ummounting: <umount /mnt/download/ >/dev/null 2>&1>  cwd  = /mnt/application
*TransferTask: Oct 13 23:08:42.622: finished umounting
*TransferTask: Oct 13 23:08:43.031: Create ramdisk for ap bundle
Error installing certificate.

重要的是,我已經執行了相同的步驟並在另一個 WLAN 控制器(帶有SW 版本)上發送了相同的PEM 文件,並且執行良好。7.0.240.0所以文件本身沒有問題。如何解決這個問題?有任何想法嗎?

該問題已通過使用舊版本的 OpenSSL 解決。您需要 OpenSSL 版本0.9.8h來建構 Cisco WLC 接受的 SW 版本 7.0.x 的證書鏈

引用自:https://serverfault.com/questions/808929