With self-signed certificate access points (SSC APs), the SSC AP policy is disabled. The reason is that the AP Auth List has to have the hash keys as the WLC needs the key-hash with the MAC address of the access point and accept ssc enabled for them to join the WLC.
In such cases, you see this error message on the controller:
Wed Aug 9 17:20:21 2006 [ERROR] spam_lrad.c 1553: spamProcessJoinRequest
Wed Aug 9 17:20:21 2006 [ERROR] spam_crypto.c 1509: Unable to free public key for
Wed Aug 9 17:20:21 2006 [ERROR] spam_lrad.c 4880: LWAPP Join-Request does not include
valid certificate in CERTIFICATE_PAYLOAD from AP 00:12:44:b3:e5:60.
Wed Aug 9 17:20:21 2006 [CRITICAL] sshpmPkiApi.c 1493: Not configured to accept
Self-signed AP cert
You need to complete these steps and perform one of these two actions:
Issue the show auth-list command at the controller CLI in order to check for whether the controller is configured to accept APs with SSCs.
This is a sample output of show auth-list command:
Authorize APs against AAA ....................... disabled
Allow APs with Self-signed Certificate (SSC) .... enabled
Mac Addr Cert Type Key Hash
----------------------- ---------- ------------------------------------------
00:09:12:2a:2b:2c SSC 1234567890123456789012345678901234567890Choose Security > AP Policies in the GUI.
Check whether the Accept Self Signed Certificate check box is enabled. If not, enable it.
Choose SSC as the certificate type.
Add AP to the authorization list with MAC address and key-hash.
This key-hash can be obtained from the output of the debug pm pki enable command. Refer to the Cause 4 section of LWAPP Upgrade Tool Troubleshoot Tips for more information on how to get the key-hash value.
Refer to these documents for more information:
- Self-Signed Certificate Manual Addition to the Controller for LWAPP-Converted APs
- Upgrading Autonomous Cisco Aironet Access Points to Lightweight Mode
Wireless LAN Controllers
Device Access Method
Terminal Server / Console
Wireless Devices Errors, Warnings, Statistics and Log Messages
Wireless LAN Controller Errors, Warnings and Log Messages
Lightwieght Access Point Protocol (LWAPP)