Upload pem file to WLC

Unanswered Question
Jan 13th, 2010

Hello everyone,

I'm trying to complete the upload of a certificate for my controller, but I'm not getting an error message "Error installing certificate error"

The version of the controller is 4.2.176.0

The commands are :

transfer download mode tftp
transfer download datatype webauthcert
transfer download serverip 10.13.46.55
transfer download path /
transfer download filename file.pem

Follow the debugs on the problem, can someone help me?

(Cisco Controller) >transfer download start

Mode............................................. TFTP

Data Type........................................ Site Cert

TFTP Server IP................................... 10.13.46.55

TFTP Packet Timeout.............................. 6

TFTP Max Retries................................. 10

TFTP Path........................................ /

TFTP Filename.................................... file.pem

This may take some time.

Are you sure you want to start? (y/N) y

Wed Jan 13 15:48:56 2010: RESULT_STRING: TFTP Webauth cert transfer starting.

Wed Jan 13 15:48:56 2010: RESULT_CODE:1

TFTP Webauth cert transfer starting.

Wed Jan 13 15:48:59 2010: Still waiting!  Status = 2

Wed Jan 13 15:49:00 2010: Locking tftp semaphore, pHost=10.13.46.55 pFilename=/file.pem

Wed Jan 13 15:49:00 2010: Semaphore locked, now unlocking, pHost=10.13.46.55 pFilename=/file.pem

Wed Jan 13 15:49:00 2010: Semaphore successfully unlocked, pHost=10.13.46.55 pFilename=/file.pem

Wed Jan 13 15:49:00 2010: TFTP: Binding to local=0.0.0.0 remote=10.13.46.55

Wed Jan 13 15:49:00 2010: TFP End: 6435 bytes transferred (0 retransmitted packets)

Wed Jan 13 15:49:00 2010: tftp rc=0, pHost=10.13.46.55 pFilename=/file.pem pLocalFilename=cert.p12

Wed Jan 13 15:49:00 2010: RESULT_STRING: TFTP receive complete... Installing Certificate.

Wed Jan 13 15:49:00 2010: RESULT_CODE:13

TFTP receive complete... Installing Certificate.

Wed Jan 13 15:49:02 2010: Still waiting!  Status = 2

Wed Jan 13 15:49:04 2010: Adding cert (6383 bytes) with password "xxxxxx"

Wed Jan 13 15:49:04 2010: sshpmAddWebauthCert: extracting private key from webauth cert; pwd: <xxxxxx>.

Wed Jan 13 15:49:04 2010: sshpmDecodePrivateKey: private key decode failed...

Wed Jan 13 15:49:04 2010: sshpmAddWebauthCert: key extraction failed.

Wed Jan 13 15:49:04 2010: RESULT_STRING: Error installing certificate.

Wed Jan 13 15:49:04 2010: RESULT_CODE:12

Wed Jan 13 15:49:04 2010: ummounting: <umount /mnt/download/>  cwd  = /mnt/application

Wed Jan 13 15:49:04 2010: finished umounting

Thanks in advance.

Rafael

Rafael Mendes Mon, 01/18/2010 - 03:09

I had followed the procedures in this document to perform the import.


Anyway, I retraced the entire procedure and even so it failed.

The requested debug follows:

TFTP Webauth cert transfer starting.
Mon Jan 18 08:00:02 2010: Still waiting!  Status = 2
Mon Jan 18 08:00:03 2010: Locking tftp semaphore, pHost=10.13.46.55 pFilename=/file.pem
Mon Jan 18 08:00:03 2010: Semaphore locked, now unlocking, pHost=10.13.46.55 pFilename=/file.pem
Mon Jan 18 08:00:03 2010: Semaphore successfully unlocked, pHost=10.13.46.55 pFilename=/file.pem
Mon Jan 18 08:00:03 2010: TFTP: Binding to local=0.0.0.0 remote=10.13.46.55
Mon Jan 18 08:00:03 2010: TFP End: 6438 bytes transferred (0 retransmitted packets)
Mon Jan 18 08:00:03 2010: tftp rc=0, pHost=10.13.46.55 pFilename=/file.pem pLocalFilename=cert.p12
Mon Jan 18 08:00:03 2010: RESULT_STRING: TFTP receive complete... Installing Certificate.
Mon Jan 18 08:00:03 2010: RESULT_CODE:13

TFTP receive complete... Installing Certificate.
Mon Jan 18 08:00:05 2010: Still waiting!  Status = 2
Mon Jan 18 08:00:07 2010: Adding cert (6386 bytes) with password "webpacientes"
Mon Jan 18 08:00:07 2010: sshpmAddWebauthCert: extracting private key from webauth cert; pwd: .
Mon Jan 18 08:00:07 2010: sshpmDecodePrivateKey: private key decode failed...
Mon Jan 18 08:00:07 2010: sshpmAddWebauthCert: key extraction failed.
Mon Jan 18 08:00:07 2010: RESULT_STRING: Error installing certificate.
Mon Jan 18 08:00:07 2010: RESULT_CODE:12
Mon Jan 18 08:00:07 2010: ummounting:   cwd  = /mnt/application
Mon Jan 18 08:00:07 2010: finished umounting

Error installing certificate.

Tks.

Lucien Avramov Mon, 01/18/2010 - 09:06

Do you have an intermediate and root cert?

From what vendor are they? Usually they come in PKCS 7 format and you need to convert them to PEM using OpenSSL.

The PEM cert needs to contain BOTH the device and intermediate certificate. You can combine them using:

https://www.sslshopper.com/ssl-converter.html

Finally, make sure you have a Virtual Interface hostname.

Rafael Mendes Mon, 01/18/2010 - 09:25

Yes, they are all within the file, the entire chain, vendor is Certsign.


The certificate comes in PFX format; I converted it to .pem using openssl with the command:

pkcs12 -in c:\cert\file.pfx -out file.pem -nodes

One question: must the virtual interface be named before importing the certificate?
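
Added example, not part of the original thread and not Cisco tooling: a small Python check that lists what a PEM bundle contains before it is transferred, namely how many certificates it holds (the reply above asks for both device and intermediate) and whether its private-key block is password-protected (the debug output shows the controller extracting the key with a password). The sample bundles and the name wlc.example.test are constructed.

```python
import base64
import re

# One PEM block; text outside blocks (such as the "Bag Attributes" lines that
# `openssl pkcs12` writes) is skipped by the search.
PEM_BLOCK = re.compile(r"-----BEGIN ([A-Z0-9 ]+)-----\r?\n(.*?)-----END \1-----", re.S)

def inspect_pem(text):
    """Summarise a PEM bundle: certificate count, key blocks, bad blocks."""
    summary = {"certificates": 0, "keys": [], "malformed": []}
    for label, body in PEM_BLOCK.findall(text):
        lines = [ln.strip() for ln in body.splitlines() if ln.strip()]
        # Legacy encrypted keys carry "Proc-Type"/"DEK-Info" headers before
        # the base64 data; ':' never occurs in base64, so it separates them.
        headers = [ln for ln in lines if ":" in ln]
        payload = "".join(ln for ln in lines if ":" not in ln)
        try:
            base64.b64decode(payload, validate=True)
        except ValueError:
            summary["malformed"].append(label)
            continue
        if label == "CERTIFICATE":
            summary["certificates"] += 1
        elif label.endswith("PRIVATE KEY"):
            encrypted = label == "ENCRYPTED PRIVATE KEY" or any(
                h.startswith("Proc-Type: 4,ENCRYPTED") for h in headers)
            summary["keys"].append({"type": label, "encrypted": encrypted})
    return summary

def _block(label, data):
    # Constructed stand-in for a real block: base64 of placeholder bytes.
    b64 = base64.b64encode(data).decode()
    return f"-----BEGIN {label}-----\n{b64}\n-----END {label}-----\n"

# Constructed sample shaped like `pkcs12 ... -nodes` output (not a real key or cert).
SAMPLE_NODES = (
    "Bag Attributes\n    localKeyID: 01 00 00 00\n"
    + _block("RSA PRIVATE KEY", b"constructed key bytes")
    + "Bag Attributes\nsubject=/CN=wlc.example.test\n"
    + _block("CERTIFICATE", b"constructed device cert")
    + _block("CERTIFICATE", b"constructed intermediate cert")
)
# Same bundle with the key block in legacy password-protected form.
SAMPLE_ENCRYPTED = SAMPLE_NODES.replace(
    "PRIVATE KEY-----\n",
    "PRIVATE KEY-----\nProc-Type: 4,ENCRYPTED\nDEK-Info: DES-EDE3-CBC,0123456789ABCDEF\n\n", 1)

if __name__ == "__main__":
    print(inspect_pem(SAMPLE_NODES))
    print(inspect_pem(SAMPLE_ENCRYPTED))
```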

Rafael Mendes Mon, 01/18/2010 - 10:58

Sure.

The DNS address of the interface has to be decided by customers, correct? Otherwise "page not found" appears.

I have a separate infrastructure, where customers access the WLAN cannot access the DNS query on the corporate network, the WLAN is published by without a VLAN interface is not routed. The DNS client is the edge router, the router and DNS is the ISP.

In this case the address has to be published on the Internet?
