02-13-2019 12:49 AM - edited 07-05-2021 09:50 AM
Generating a chained SHA2 certificate for Web Authentication with OpenSSL version 1.0.1e-fips and installing on a Cisco 5508 WLC running firmware version 8.2.170.0 successful.
The installation of the same certificate(s) on a Cisco 5508 WLC running firmware version 8.0.152.0 NOT successful.
What is the required OpenSSL version assuming that 8.0.152.0 does support SHA2 certificates?
Failing with the installation of the mentioned certificate(s) on an 8.0.152.0 WLC: Is this eventually based on another reason and/or bug?
Is there a compatibility matrix (OpenSSL | WLC firmware version | SHA2 support) available/defined?
02-13-2019 01:10 AM
Hi,
Note: OpenSSL Version 0.9.8 is the recommended version for old WLC releases;
Regards
Don't forget to rate helpful posts
02-13-2019 03:51 AM
Thank you.
However, Cisco is saying: OpenSSL Version 0.9.8 is the recommended version for old WLC releases; however, as of Version 7.5, support for OpenSSL Version 1.0 was also added (refer to Cisco bug ID CSCti65315 - Need Support for certificates generated using OpenSSL v1.0) and is the recommended version to use. OpenSSL 1.1 was also tested and works great on 8.x and later WLC releases.
Other question: Does version 8.0.152.0 support Chained SHA2 Certificates?
02-13-2019 03:58 AM
As per my info, the WLC supports SHA-2 certificates since release 8.0.100.0
https://itigloo.com/security/generate-an-openssl-certificate-request-with-sha-256-signature/
Regards
Don't forget to rate helpful posts