Ssl
無法在 Cisco WLC 上安裝鍊式 SSL WebAuth 證書
我在 Cisco WLC 2504 控制器上安裝 StartCom 的用於 WebAuth 的 SSL 證書時遇到問題。它有
7.2.103.0
軟體版本。我已經完成了Cisco 指南中描述的所有步驟,但它顯示“安裝證書時出錯”。是的,我確定證書的順序是正確的(設備、中間件、根)。是的,我有此證書的有效密鑰。我使用了 OpenSSL 版本
0.9.8
,按照 Cisco 的建議從 Sourceforge 下載。沒有什麼幫助。我在下面提供了 TFTP 事務的日誌。Mode............................................. TFTP Data Type........................................ Site Cert TFTP Server IP................................... 172.16.10.5 TFTP Packet Timeout.............................. 6 TFTP Max Retries................................. 10 TFTP Path........................................ / TFTP Filename.................................... wlc.pem This may take some time. Are you sure you want to start? (y/N) y *TransferTask: Oct 13 23:08:29.319: Memory overcommit policy changed from 0 to 1 *TransferTask: Oct 13 23:08:29.647: Delete ramdisk for ap bundle *TransferTask: Oct 13 23:08:29.897: RESULT_STRING: TFTP Webauth cert transfer starting. *TransferTask: Oct 13 23:08:29.898: RESULT_CODE:1 TFTP Webauth cert transfer starting. *emWeb: Oct 13 23:08:32.318: Still waiting! Status = 2 *TransferTask: Oct 13 23:08:33.906: Locking tftp semaphore, pHost=172.16.10.5 pFilename=/wlc.pem *TransferTask: Oct 13 23:08:33.907: Semaphore locked, now unlocking, pHost=172.16.10.5 pFilename=/wlc.pem *TransferTask: Oct 13 23:08:33.907: Semaphore successfully unlocked, pHost=172.16.10.5 pFilename=/wlc.pem *TransferTask: Oct 13 23:08:33.908: TFTP: Binding to remote=172.16.10.5 *TransferTask: Oct 13 23:08:33.950: TFP End: 10021 bytes transferred (0 retransmitted packets) *TransferTask: Oct 13 23:08:33.951: tftp rc=0, pHost=172.16.10.5 pFilename=/wlc.pem pLocalFilename=cert.p12 *TransferTask: Oct 13 23:08:33.951: RESULT_STRING: TFTP receive complete... Installing Certificate. TFTP receive complete... Installing Certificate. *TransferTask: Oct 13 23:08:33.951: RESULT_CODE:13 *emWeb: Oct 13 23:08:35.317: Still waiting! Status = 2 *TransferTask: Oct 13 23:08:37.953: Adding cert (9941 bytes) with certificate key password. *emWeb: Oct 13 23:08:38.317: Still waiting! Status = 1 *emWeb: Oct 13 23:08:41.317: Still waiting! Status = 1 *TransferTask: Oct 13 23:08:42.540: RESULT_STRING: Error installing certificate. *TransferTask: Oct 13 23:08:42.540: RESULT_CODE:12 *TransferTask: Oct 13 23:08:42.541: ummounting: <umount /mnt/download/ >/dev/null 2>&1> cwd = /mnt/application *TransferTask: Oct 13 23:08:42.622: finished umounting *TransferTask: Oct 13 23:08:43.031: Create ramdisk for ap bundle Error installing certificate.
重要的是,我已經執行了相同的步驟並在另一個 WLAN 控制器(帶有SW 版本)上發送了相同的PEM 文件,並且執行良好。
7.0.240.0
所以文件本身沒有問題。如何解決這個問題?有任何想法嗎?
該問題已通過使用舊版本的 OpenSSL 解決。您需要 OpenSSL 版本0.9.8h來建構 Cisco WLC 接受的 SW 版本 7.0.x 的證書鏈