Cisco Bug: CSCur23175 - WAAS SSL AO is not sending chained certificates in the correct order.

Last Modified

Oct 02, 2017

Products (1)

  • Cisco Wide Area Application Services (WAAS) Appliances

Known Affected Releases

5.1(1h) 5.2(1) 5.3(5c)

Description (partial)

Symptom:
When WAAS SSL AO has an accelerated service configured with a chained certificate (PKCS12 file), it does not send the certificate chain to the customer in the correct order. This causes certain SSL clients to fail.

According to the RFC, the correct order is:
Server certificate
Intermediate certificate 1 that signed the server certificate
Intermediate certificate 2 that signed intermediate certificate 1
Root CA that signed intermediate certificate 2

Whereas the SSL AO is sending:
Server certificate
Root CA that signed intermediate certificate 2
Intermediate certificate 2 that signed intermediate certificate 1
Intermediate certificate 1 that signed the server certificate

Conditions:
SSL AO 
Chained certificates
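
The ordering rule from the symptom above, as a checker plus a reorder step. This is an added example, not Cisco code: the Cert type, function names and sample DNs are constructed, and issuer/subject name matching stands in for real signature verification.

```python
from typing import List, NamedTuple, Optional

class Cert(NamedTuple):
    subject: str  # subject DN (assumed already extracted from the PKCS12 bundle)
    issuer: str   # issuer DN

def first_misordered(chain: List[Cert]) -> Optional[int]:
    """Index of the first certificate that is not issued by the one
    sent directly after it, or None when the order is correct."""
    for i in range(len(chain) - 1):
        if chain[i].issuer != chain[i + 1].subject:
            return i
    return None

def reorder(leaf: Cert, others: List[Cert]) -> List[Cert]:
    """Rebuild the leaf-first chain by following issuer -> subject links."""
    by_subject = {c.subject: c for c in others}
    if len(by_subject) != len(others):
        raise ValueError("duplicate subject in bundle")
    chain, current = [leaf], leaf
    while current.issuer != current.subject:      # stop at a self-signed root
        nxt = by_subject.pop(current.issuer, None)
        if nxt is None:                           # issuer absent: root was omitted
            break
        chain.append(nxt)
        current = nxt
    if by_subject:                                # leftovers do not belong to this leaf
        raise ValueError("unrelated certificates: %s" % sorted(by_subject))
    return chain

# Constructed sample mirroring the order the SSL AO is described as sending.
SERVER = Cert("CN=www.example.test", "CN=Intermediate 1")
INT1 = Cert("CN=Intermediate 1", "CN=Intermediate 2")
INT2 = Cert("CN=Intermediate 2", "CN=Root CA")
ROOT = Cert("CN=Root CA", "CN=Root CA")
SENT = [SERVER, ROOT, INT2, INT1]

if __name__ == "__main__":
    print("first misordered index:", first_misordered(SENT))
    print("corrected order:", [c.subject for c in reorder(SENT[0], SENT[1:])])
```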