无法在Cisco WLC上安装链接的SSL WebAuth证书

Question

我很难在思科WLC 2504控制器上安装StartCom的WebAuth SSL证书。它有7.2.103.0软件版本。

我已经完成了思科指南中描述的所有步骤，但是上面写着“安装证书时出错”，是的，我确信，证书的顺序是正确的(设备、中间的、根的)。是的，我有这张证书的有效钥匙。按照思科的建议，我使用了从Sourceforge下载的OpenSSL版本0.9.8。什么都帮不上忙。我在下面提供了TFTP事务的日志。

Mode............................................. TFTP
Data Type........................................ Site Cert
TFTP Server IP................................... 172.16.10.5
TFTP Packet Timeout.............................. 6
TFTP Max Retries................................. 10
TFTP Path........................................ /
TFTP Filename.................................... wlc.pem

This may take some time.
Are you sure you want to start? (y/N) y
*TransferTask: Oct 13 23:08:29.319: Memory overcommit policy changed from 0 to 1
*TransferTask: Oct 13 23:08:29.647: Delete ramdisk for ap bundle
*TransferTask: Oct 13 23:08:29.897: RESULT_STRING: TFTP Webauth cert transfer starting.
*TransferTask: Oct 13 23:08:29.898: RESULT_CODE:1

TFTP Webauth cert transfer starting.
*emWeb: Oct 13 23:08:32.318: Still waiting!  Status = 2
*TransferTask: Oct 13 23:08:33.906: Locking tftp semaphore, pHost=172.16.10.5 pFilename=/wlc.pem
*TransferTask: Oct 13 23:08:33.907: Semaphore locked, now unlocking, pHost=172.16.10.5 pFilename=/wlc.pem
*TransferTask: Oct 13 23:08:33.907: Semaphore successfully unlocked, pHost=172.16.10.5 pFilename=/wlc.pem
*TransferTask: Oct 13 23:08:33.908: TFTP: Binding to remote=172.16.10.5
*TransferTask: Oct 13 23:08:33.950: TFP End: 10021 bytes transferred (0 retransmitted packets)
*TransferTask: Oct 13 23:08:33.951: tftp rc=0, pHost=172.16.10.5 pFilename=/wlc.pem pLocalFilename=cert.p12

*TransferTask: Oct 13 23:08:33.951: RESULT_STRING: TFTP receive complete... Installing Certificate.

TFTP receive complete... Installing Certificate.
*TransferTask: Oct 13 23:08:33.951: RESULT_CODE:13
*emWeb: Oct 13 23:08:35.317: Still waiting!  Status = 2
*TransferTask: Oct 13 23:08:37.953: Adding cert (9941 bytes) with certificate key password.
*emWeb: Oct 13 23:08:38.317: Still waiting!  Status = 1
*emWeb: Oct 13 23:08:41.317: Still waiting!  Status = 1
*TransferTask: Oct 13 23:08:42.540: RESULT_STRING: Error installing certificate.
*TransferTask: Oct 13 23:08:42.540: RESULT_CODE:12

*TransferTask: Oct 13 23:08:42.541: ummounting: <umount /mnt/download/ >/dev/null 2>&1>  cwd  = /mnt/application
*TransferTask: Oct 13 23:08:42.622: finished umounting
*TransferTask: Oct 13 23:08:43.031: Create ramdisk for ap bundle
Error installing certificate.

重要的是，我已经做了相同的步骤和发送相同的PEM文件在另一个无线局域网控制器(与7.0.240.0 SW版本)，它工作良好。所以文件本身没有什么问题。如何解决这个问题？有什么想法吗？

Answer 1

这个问题已经通过使用旧版本的OpenSSL解决了。您需要OpenSSL版本0.9.8h来构建Cisco使用SW版本7.0.x接受的证书链。