I have a 4402 controller and I am trying to add a 1200 series AP as the first AP.
The controller has version 5.2.178 version of code and the AP was just converted from autonomous to lwapp.
I verified the date and time of both units and they are within a few minutes of each other.
Here is what the AP is showing when it is booting up and fails to join.
*Apr 13 16:48:04.012: %CAPWAP-3-ERRORLOG: Go join a capwap controller
*Apr 13 16:48:04.000: %CAPWAP-5-DTLSREQSEND: DTLS connection request sent peer_ip: 192.168.1.3 peer_port: 5246
*Apr 13 16:48:04.001: %CAPWAP-5-CHANGED: CAPWAP changed state to
*Apr 13 16:48:05.715: %DTLS-5-ALERT: Received FATAL : Certificate unknown alert from 192.168.1.3
*Apr 13 16:48:05.715: %CAPWAP-3-ERRORLOG: Bad certificate alert received from peer.
*Apr 13 16:48:05.715: %DTLS-5-PEER_DISCONNECT: Peer 192.168.1.3 has closed connection.
*Apr 13 16:48:05.716: %DTLS-5-SEND_ALERT: Send WARNING : Close notify Alert to 192.168.1.3:5246
*Apr 13 16:48:05.717: %CAPWAP-3-ERRORLOG: Invalid event 38 & state 3 combination.
Did you use the Cisco Aironet to LWAPP conversion tool.
Check the directory where the upgrade tool is installed and see if it created a file (.csv) that contains the SSC for the AP. Then manually add that into the WLC under Security and then AP policies link.