Core Issue
Access points that use self-signed certificates (SSC APs) cannot join the wireless LAN controller (WLC) when the SSC AP policy is disabled. For an SSC AP to join, the WLC must have Accept SSC enabled, and the AP Auth List must contain the key-hash together with the MAC address of the access point.
In such cases, you see this error message on the controller:
Wed Aug 9 17:20:21 2006 [ERROR] spam_lrad.c 1553: spamProcessJoinRequest :spamDecodeJoinReq failed
Wed Aug 9 17:20:21 2006 [ERROR] spam_crypto.c 1509: Unable to free public key for AP 00:12:44:B3:E5:60
Wed Aug 9 17:20:21 2006 [ERROR] spam_lrad.c 4880: LWAPP Join-Request does not include valid certificate in CERTIFICATE_PAYLOAD from AP 00:12:44:b3:e5:60.
Wed Aug 9 17:20:21 2006 [CRITICAL] sshpmPkiApi.c 1493: Not configured to accept Self-signed AP cert
Resolution
You need to complete these steps and perform one of these two actions:
Issue the show auth-list command at the controller CLI to check whether the controller is configured to accept APs with SSCs.
This is a sample output of the show auth-list command:
#show auth-list
Authorize APs against AAA ....................... disabled
Allow APs with Self-signed Certificate (SSC) .... enabled

Mac Addr                Cert Type  Key Hash
----------------------- ---------- ------------------------------------------
00:09:12:2a:2b:2c       SSC        1234567890123456789012345678901234567890

Choose Security > AP Policies in the GUI.
Check whether the Accept Self Signed Certificate check box is enabled. If not, enable it.
Choose SSC as the certificate type.
Add the AP to the authorization list with its MAC address and key-hash.
This key-hash can be obtained from the output of the debug pm pki enable command. Refer to the Cause 4 section of LWAPP Upgrade Tool Troubleshoot Tips for more information on how to get the key-hash value.
Refer to the Cause 3 section of LWAPP Upgrade Tool Troubleshoot Tips for more information about the error message.
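Added example (not Cisco code): a Python sketch that cross-checks a saved controller log against saved show auth-list output and reports, for each AP whose Join-Request certificate was rejected, which of the resolution items above is still missing. The function names are hypothetical, the sample inputs are constructed from the output on this page, and the "disabled" form of the SSC policy line is assumed to mirror the "enabled" form shown above.

```python
import re

MAC = r"(?:[0-9A-Fa-f]{2}:){5}[0-9A-Fa-f]{2}"
# Message text taken from the controller log on this page; \s+ tolerates wrapped lines.
JOIN_FAIL = re.compile(r"does not include\s+valid certificate in CERTIFICATE_PAYLOAD from AP (" + MAC + ")")
SSC_POLICY = re.compile(r"Allow APs with Self-signed Certificate \(SSC\)[ .]*(\w+)")
AUTH_ROW = re.compile(r"^[ \t]*(" + MAC + r")[ \t]+(\S+)[ \t]+([0-9A-Fa-f]+)[ \t]*$", re.M)

# Constructed sample inputs, modelled on the output shown on this page.
SAMPLE_LOG = """\
Wed Aug 9 17:20:21 2006 [ERROR] spam_crypto.c 1509: Unable to free public key for
AP 00:12:44:B3:E5:60
Wed Aug 9 17:20:21 2006 [ERROR] spam_lrad.c 4880: LWAPP Join-Request does not include
valid certificate in CERTIFICATE_PAYLOAD from AP 00:12:44:b3:e5:60.
"""
SAMPLE_AUTH_LIST = """\
Authorize APs against AAA ....................... disabled
Allow APs with Self-signed Certificate (SSC) .... disabled
Mac Addr Cert Type Key Hash
----------------------- ---------- ------------------------------------------
00:09:12:2a:2b:2c SSC 1234567890123456789012345678901234567890
"""

def parse_auth_list(text):
    """Return (ssc_accepted, {mac: (cert_type, key_hash)}) from show auth-list output."""
    m = SSC_POLICY.search(text)
    ssc_accepted = bool(m) and m.group(1).lower() == "enabled"
    entries = {mac.lower(): (ctype, khash) for mac, ctype, khash in AUTH_ROW.findall(text)}
    return ssc_accepted, entries

def rejected_aps(log_text):
    """MACs of APs whose certificate was rejected: lower-cased, deduplicated, in log order."""
    return list(dict.fromkeys(mac.lower() for mac in JOIN_FAIL.findall(log_text)))

def diagnose(log_text, auth_list_text):
    """Map each rejected AP to the resolution items still missing on the controller."""
    ssc_accepted, entries = parse_auth_list(auth_list_text)
    report = {}
    for mac in rejected_aps(log_text):
        missing = []
        if not ssc_accepted:
            missing.append("enable Accept Self Signed Certificate")
        if entries.get(mac, ("", ""))[0].upper() != "SSC":
            missing.append("add MAC and key-hash to auth list as SSC")
        report[mac] = missing
    return report

if __name__ == "__main__":
    print(diagnose(SAMPLE_LOG, SAMPLE_AUTH_LIST))
```

MAC addresses are compared in lower case because the controller log prints the same AP both as 00:12:44:B3:E5:60 and as 00:12:44:b3:e5:60.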
Refer to these documents for more information:
Problem Type
Upgrade
Error message
Products
Wireless LAN Controllers
LAP 1000
LAP 1200
LAP 1100
Topology
LWAPP network
Product OS
IOS
Device Access Method
Terminal Server / Console
GUI Interface
Telnet
Wireless Devices Errors, Warnings, Statistics and Log Messages
Wireless LAN Controller Errors, Warnings and Log Messages
SW Features
Lightweight Access Point Protocol (LWAPP)
Autonomous mode