07-06-2009 10:48 AM - edited 07-03-2021 05:47 PM
I have TFTP32 up pointing at C: & I'm following this to download my cert file into my 4404 controller:
>transfer download mode tftp
>transfer download datatype webauthcert
>transfer download serverip <TFTP server IP address>
>transfer download path <absolute TFTP server path to the update file>
>transfer download filename final.pem
>transfer download certpassword password
When I type transfer download start it gives me my stats:
Mode............................................. TFTP
Data Type........................................ Site Cert
TFTP Server IP................................... 172.16.1.130
TFTP Packet Timeout.............................. 6
TFTP Max Retries................................. 10
TFTP Path........................................ C:/
TFTP Filename.................................... mycert.pfx
I tell it yes but then it gives me the error: % Error: Web Authentication Certificate file transfer failed - Error from server: File not found
Anyone know what I'm doing wrong?
07-06-2009 10:59 AM
The tftp path is not C:/ but try: \
07-06-2009 11:07 AM
TFTP Path........................................ \/
This is what I have now. I get the error message: % Error: Web Authentication Certificate file transfer failed - Error from server: Access violation
I have the debug mode on. This is what it said:
*Jul 06 16:02:53.494: Still waiting! Status = 2
*Jul 06 16:02:54.616: Locking tftp semaphore, pHost=172.16.1.130 pFilename=\/mycert.pfx
*Jul 06 16:02:54.617: Semaphore locked, now unlocking, pHost=172.16.1.130 pFilename=\/mycert.pfx
*Jul 06 16:02:54.617: Semaphore successfully unlocked, pHost=172.16.1.130 pFilename=\/mycert.pfx
*Jul 06 16:02:54.619: TFTP: Binding to local=0.0.0.0 remote=172.16.1.130
*Jul 06 16:02:54.623: tftp rc=1, pHost=172.16.1.130 pFilename=\/mycert.pfx
pLocalFilename=cert.p12
*Jul 06 16:02:54.624: RESULT_STRING: % Error: Web Authentication Certificate file transfer failed - Error from server: Access violation
*Jul 06 16:02:54.624: RESULT_CODE:12
*Jul 06 16:02:54.624: ummounting:
*Jul 06 16:02:54.658: finished umounting
% Error: Web Authentication Certificate file transfer failed - Error from server: Access violation
07-06-2009 11:08 AM
Oops, for TFTP it's /
07-06-2009 11:18 AM
That worked better but it's still not totally working. It now gives me
Error installing certificate.
I looked at the debug and this looks the most fishy
*Jul 06 16:15:18.869: sshpmDecodePrivateKey: private key decode failed...
*Jul 06 16:15:18.869: sshpmAddWebauthCert: key extraction failed.
*Jul 06 16:15:18.869: RESULT_STRING: Error installing certificate.
I'm copying and pasting the key/password from a text file. The same text file I copied and pasted from when I did my CSR. It can't be wrong.
07-06-2009 11:38 AM
Did you follow:
http://www.cisco.com/en/US/tech/tk722/tk809/technologies_configuration_example09186a00806e367a.shtml
You have to combine the key and the cert into one file.
Also, what code of controller are you running?
Also, I don't think WLC does not have the functionality to proxy communication of a chain certificate with a root certificate authority server. In order to host a chain certificate you must be a root certificate authority server and not a chain certificate.
07-06-2009 11:55 AM
I have the latest version of WLC and I did read that doc. When I tried to combine the files it gave me an error about the passwords again. Do you know if there are any characters that are not allowed to be used in the password?
After that doc not working for me we contacted the CA and they gave us steps to make the cert file with IIS. They never said how to get the cert on the controller so I went back to that document.
07-06-2009 12:05 PM
The password should match the one that was used to generate the cert (-passout value in openssl). I have not seen issues with using a special character password.
Also your file is pfx, most of the time we see .pem files. My guess is that is used by IIS.
If you are using a third party cert, you should use webadmincert instead of webauthcert:
>transfer download datatype webadmincert
07-07-2009 05:48 AM
What's the difference between the two? I thought the webadmin would cert the logging in of the admin to configure the controller. I'm wanting it for webauth.
I'm looking in my controller via the HTML interface. Under Security, webauth, certificate you can enter almost the same information. Is this another way of doing it?
I did use IIS BTW.
07-07-2009 06:16 AM
Convert the certificate from .pfx to .pem format using OpenSSL. WLC does not support the .pfx cert format.
07-07-2009 06:43 AM
jicr, can you write the specific command I need to type into OpenSSL to convert the file?
07-07-2009 06:45 AM
pkcs12 -in MYCERTS.pfx -out MYCERTS.pem
07-07-2009 08:35 AM
This is what I get:
Enter Import Password:
Mac verify error: invalid password?
error in pkcs12
Which password is it looking for? The one I made during my CSR? The one I had to type into the VeriSign website to get them to send me the cert, or the one I used to export the cert in IIS? In each case I used the same password.
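The "Enter Import Password" prompt of `pkcs12 -in` asks for the password that protects the .pfx file itself, that is, the one set when the file was exported. The following is an added example, not part of the thread, that runs the same conversion non-interactively and shows both the failing and the working case; the certificate, file names and passwords are constructed, and the function names are hypothetical.

```shell
#!/bin/sh
# Added example: all files, names and passwords here are constructed for the demo.
WORK=$(mktemp -d)
trap 'rm -rf "$WORK"' EXIT
EXPORT_PW='Export-pw-1'   # password set when the .pfx was exported (constructed)
PEM_PW='Pem-pw-2'         # passphrase for the private key written to the .pem (constructed)

# Stand-in for the IIS export: throwaway key + self-signed cert bundled as a .pfx.
make_sample_pfx() {
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj "/CN=wlc.example.test" \
        -keyout "$WORK/key.pem" -out "$WORK/cert.pem" 2>/dev/null &&
    openssl pkcs12 -export -inkey "$WORK/key.pem" -in "$WORK/cert.pem" \
        -out "$WORK/mycert.pfx" -passout "pass:$EXPORT_PW"
}

# Convert .pfx to .pem. $1 = import password to try, $2 = output file.
# -passin answers "Enter Import Password"; -passout encrypts the key in the output.
pfx_to_pem() {
    openssl pkcs12 -in "$WORK/mycert.pfx" -out "$2" \
        -passin "pass:$1" -passout "pass:$PEM_PW" 2>/dev/null
}

# Succeeds only if file $1 holds a certificate and a key that decrypts with $2.
pem_is_complete() {
    openssl x509 -in "$1" -noout 2>/dev/null &&
    openssl pkey -in "$1" -passin "pass:$2" -noout 2>/dev/null
}

make_sample_pfx || { echo "could not build sample .pfx" >&2; exit 1; }

# A password other than the export password fails the MAC check, as in the thread.
if pfx_to_pem 'some-other-password' "$WORK/bad.pem"; then
    echo "unexpected: wrong import password accepted"
else
    echo "wrong import password rejected"
fi

# The export password opens the bundle; the result carries both cert and key.
if pfx_to_pem "$EXPORT_PW" "$WORK/final.pem" && pem_is_complete "$WORK/final.pem" "$PEM_PW"; then
    echo "final.pem contains certificate and private key"
fi
```

As the earlier reply notes, the controller's `transfer download certpassword` value has to match the `-passout` value used here.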