Cisco Bug: CSCur23175 - WAAS SSL AO is not sending chained certificates in the correct order.
Oct 02, 2017
- Cisco Wide Area Application Services (WAAS) Appliances
Known Affected Releases
5.1(1h) 5.2(1) 5.3(5c)
Symptom: When WAAS SSL AO has an accelerated service configured with a chain certificate (PKCS12 file) it is not sending the chained certificate in the correct order to the customer. This causes certain SSL clients to fail. From the RFC the correct order should be: Server certificate Intermediate certificate 1 that signed the server Intermediate certificate 2 that signed the Intermediate certificate 1 Root CA that signed intermediate certificate 2. Where the SSL AO is sending Server certificate Root CA that signed intermediate certificate 2. Intermediate certificate 2 that signed the Intermediate certificate 1 Intermediate certificate 1 that signed the server Conditions: SSL AO Chained certificates
Bug details contain sensitive information and therefore require a Cisco.com account to be viewed.
Bug Details Include
- Full Description (including symptoms, conditions and workarounds)
- Known Fixed Releases
- Related Community Discussions
- Number of Related Support Cases