Issue installing an SSL certificate on WLC

Unanswered Question

I have a certificate obtained from VeriSign for logging in to a wireless campus network, and I'm installing it via TFTP to the WLC. At the end of the transfer the following message appears:


"TFTP WPS Signature file transfer starting.


TFTP receive complete... updating WPS signatures.


Error in signature file. Please check message log"


In the WLC log files the following issues appear:


Thu Mar 12 15:39:55 2009 [ERROR] sig.c 758: ERROR reading revision number from new signature file

Thu Mar 12 15:39:55 2009 [ERROR] sig.c 531: ERROR parsing revision number

Thu Mar 12 15:39:55 2009 [ERROR] sig.c 459: ERROR: No value specified for token Bag Attributes


But I don't know what exactly that means, or how I can fix it.


To do this work I followed a Cisco guide for this approach, using the OpenSSL program.



didyap Wed, 03/18/2009 - 09:41

To configure SSL certificates, use the config certificate command.


config certificate {generate {webadmin | webauth} | compatibility {on | off}}


Where generate {webadmin | webauth} generates a new web administration certificate or a new web authentication certificate.

compatibility {on | off} enables or disables compatibility mode for inter-Cisco Wireless LAN controller ipsec.


I fixed the last issue, but now the certificate is already in the WLC but is not installed. The log file says:


Fri Mar 20 10:33:11 2009 [ERROR] sig.c 758: ERROR reading revision number from new signature file

Fri Mar 20 10:33:11 2009 [ERROR] sig.c 531: ERROR parsing revision number

Fri Mar 20 10:33:11 2009 [ERROR] sig.c 459: ERROR: No value specified for token



The compatibility is on. The file is .crt; for testing I've changed it to .cer and .pem, but none of them has been successful.



In addition, these lines appear; I think this is the real problem:



Fri Mar 20 10:57:51 2009 [ERROR] updcode.c 777: 1 returned from ssh add function

Fri Mar 20 10:57:51 2009 [ERROR] sshpmcert.c 4257: unable to extract private key for webauth cert

Fri Mar 20 10:57:51 2009 [ERROR] sshpmcert.c 3750: SSHPM: failed to decode private key




jesav Thu, 10/28/2010 - 13:04

No news?


We have the same issue here : unable to extract private key...


Thanks,

Nicolas Darchis Thu, 10/28/2010 - 23:09
Cisco Employee

This is either a wrong key you entered when importing the certificate or a malformed certificate.


I fixed this once with OpenSSL by exporting the pem certificate back to pkcs12 format and then again to pem, regenerating the key shared secret and it worked.


If having trouble with that, I'd suggest opening a TAC case to get help.


Nicolas



===

Please rate answers that you find useful

Scott Fella Fri, 10/29/2010 - 05:33

Make sure you don't use OpenSSL v1.0.  Use v9.8o light... v1.0 will give you that error you are seeing.


http://www.slproweb.com/products/Win32OpenSSL.html
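
Added example (not written by anyone in this thread): a Python check that lists what a PEM file contains before it is transferred, covering the things the logs and replies above point at: "Bag Attributes" text outside the PEM blocks, whether a private key block is present at all, and which key encoding it uses. OpenSSL 1.0.0 changed its default private-key PEM output to PKCS#8, so the encoding is one visible difference between files written by the two versions mentioned above; that this is what the controller rejects is an assumption, and `inspect_pem` and `classify_key` are hypothetical names.

```python
import re
import sys

# Constructed sample: the shape of a PEM bundle written by `openssl pkcs12`
# (base64 bodies are placeholders, not real certificate or key material).
SAMPLE = """Bag Attributes
    localKeyID: 01 00 00 00
subject=/CN=wlc.example.test
-----BEGIN CERTIFICATE-----
QUJDREVGR0g=
-----END CERTIFICATE-----
Bag Attributes
    localKeyID: 01 00 00 00
Key Attributes: <No Attributes>
-----BEGIN ENCRYPTED PRIVATE KEY-----
QUJDREVGR0g=
-----END ENCRYPTED PRIVATE KEY-----
"""

BLOCK = re.compile(r"-----BEGIN ([A-Z0-9 ]+)-----\n(.*?)-----END \1-----", re.S)
PKCS8 = {"PRIVATE KEY": "PKCS#8, unencrypted", "ENCRYPTED PRIVATE KEY": "PKCS#8, encrypted"}

def classify_key(label, body):
    """Return a description of a private key block, or None for other blocks."""
    if label in PKCS8:
        return PKCS8[label]
    if label.endswith(" PRIVATE KEY"):  # traditional form, e.g. "RSA PRIVATE KEY"
        enc = "encrypted" if "Proc-Type: 4,ENCRYPTED" in body else "unencrypted"
        return "traditional %s, %s" % (label.split()[0], enc)
    return None

def inspect_pem(text):
    """Summarise PEM blocks, key encodings and Bag Attributes headers in text."""
    text = text.replace("\r\n", "\n")
    report = {"certificates": 0, "keys": [], "bag_attributes": 0, "order": []}
    for m in BLOCK.finditer(text):
        label, body = m.group(1), m.group(2)
        report["order"].append(label)
        report["certificates"] += label == "CERTIFICATE"
        fmt = classify_key(label, body)
        if fmt:
            report["keys"].append(fmt)
    outside = BLOCK.sub("", text)  # whatever is left lies outside the PEM blocks
    report["bag_attributes"] = sum(l.startswith("Bag Attributes") for l in outside.splitlines())
    return report

if __name__ == "__main__":
    src = open(sys.argv[1]).read() if len(sys.argv) > 1 else SAMPLE
    print(inspect_pem(src))
```

An empty `keys` list means the file carries no private key block at all; a file path given as the first argument is inspected instead of the constructed sample.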
