How to recover the hash key off the Access Point and import it onto the controller


Mar 31, 2015 8:26 PM
Jun 22nd, 2009


 

Introduction

How to recover the hash key off the Access Point and import it onto the controller.

Core Issue

The Lightweight Access Point Protocol (LWAPP) conversion tool saves a key hash file on the PC running the conversion application. 

Resolution

The SHA1 Key Hash is in a file stored in Comma-Separated Values (CSV) format in the Upgrade Tool directory. This is an example of the directory path:

C:\Program File\Cisco Systems\Upgrade Tool

Perform these steps on the controller:

Go to Security > AP Policies > Accept Self Signed Certificate (check box).

 


 

Add these under the Access Point (AP) authorization list:

    • The MAC address of the AP
    • The certificate type
    • SHA1 Key Hash (The key can be found in the file stored in CSV format in the Upgrade Tool directory.)

 


Enable Accept Self Signed Certificate.

More Information

Locate the SHA1 Key Hash

If the computer that performed the AP conversion is available, you can obtain the Secure Hash Algorithm 1 (SHA1) Key Hash from the .csv file that is in the Cisco Upgrade Tool directory. If the .csv file is unavailable, you can issue a debug command on the WLC in order to retrieve the SHA1 Key Hash.

Complete these steps:

Turn on the AP and connect it to the network.

Enable the debugging on the WLC command-line interface (CLI).

The command is debug pm pki enable.

(Cisco Controller) >debug pm pki enable
Mon May 22 06:34:10 2006: sshpmGetIssuerHandles: getting (old) aes ID cert handle...
Mon May 22 06:34:10 2006: sshpmGetCID: called to evaluate <bsnOldDefaultIdCert>
Mon May 22 06:34:10 2006: sshpmGetCID: comparing to row 0, CA cert 
>bsnOldDefaultCaCert<
Mon May 22 06:34:10 2006: sshpmGetCID: comparing to row 1, CA cert 
>bsnDefaultRootCaCert<
Mon May 22 06:34:10 2006: sshpmGetCID: comparing to row 2, CA cert 
>bsnDefaultCaCert<
Mon May 22 06:34:10 2006: sshpmGetCID: comparing to row 3, CA cert 
>bsnDefaultBuildCert<
Mon May 22 06:34:10 2006: sshpmGetCID: comparing to row 4, CA cert 
>cscoDefaultNewRootCaCert<
Mon May 22 06:34:10 2006: sshpmGetCID: comparing to row 5, CA cert 
>cscoDefaultMfgCaCert<
Mon May 22 06:34:10 2006: sshpmGetCID: comparing to row 0, ID cert 
>bsnOldDefaultIdCert<
Mon May 22 06:34:10 2006: sshpmGetIssuerHandles: Calculate SHA1 hash on Public Key 
Data
Mon May 22 06:34:10 2006: sshpmGetIssuerHandles: Key Data 30820122 300d0609 
2a864886 f70d0101 
Mon May 22 06:34:10 2006: sshpmGetIssuerHandles: Key Data 01050003 82010f00 
3082010a 02820101 
Mon May 22 06:34:10 2006: sshpmGetIssuerHandles: Key Data 00c805cd 7d406ea0 
cad8df69 b366fd4c 
Mon May 22 06:34:10 2006: sshpmGetIssuerHandles: Key Data 82fc0df0 39f2bff7 
ad425fa7 face8f15 
Mon May 22 06:34:10 2006: sshpmGetIssuerHandles: Key Data f356a6b3 9b876251 
43b95a34 49292e11 
Mon May 22 06:34:10 2006: sshpmGetIssuerHandles: Key Data 038181eb 058c782e 
56f0ad91 2d61a389 
Mon May 22 06:34:10 2006: sshpmGetIssuerHandles: Key Data f81fa6ce cd1f400b 
b5cf7cef 06ba4375 
Mon May 22 06:34:10 2006: sshpmGetIssuerHandles: Key Data dde0648e c4d63259 
774ce74e 9e2fde19 
Mon May 22 06:34:10 2006: sshpmGetIssuerHandles: Key Data 0f463f9e c77b79ea 
65d8639b d63aa0e3 
Mon May 22 06:34:10 2006: sshpmGetIssuerHandles: Key Data 7dd485db 251e2e07 
9cd31041 b0734a55 
Mon May 22 06:34:14 2006: sshpmGetIssuerHandles: Key Data 463fbacc 1a61502d 
c54e75f2 6d28fc6b 
Mon May 22 06:34:14 2006: sshpmGetIssuerHandles: Key Data 82315490 881e3e31 
02d37140 7c9c865a 
Mon May 22 06:34:14 2006: sshpmGetIssuerHandles: Key Data 9ef3311b d514795f 
7a9bac00 d13ff85f 
Mon May 22 06:34:14 2006: sshpmGetIssuerHandles: Key Data 97e1a693 f9f6c5cb 
88053e8b 7fae6d67 
Mon May 22 06:34:14 2006: sshpmGetIssuerHandles: Key Data ca364f6f 76cf78bc 
bc1acc13 0d334aa6 
Mon May 22 06:34:14 2006: sshpmGetIssuerHandles: Key Data 031fb2a3 b5e572df 
2c831e7e f765b7e5 
Mon May 22 06:34:14 2006: sshpmGetIssuerHandles: Key Data fe64641f de2a6fe3 
23311756 8302b8b8 
Mon May 22 06:34:14 2006: sshpmGetIssuerHandles: Key Data 1bfae1a8 eb076940 
280cbed1 49b2d50f 
Mon May 22 06:34:14 2006: sshpmGetIssuerHandles: Key Data f7020301 0001
Mon May 22 06:34:14 2006: sshpmGetIssuerHandles: SSC Key Hash is 
9e4ddd8dfcdd8458ba7b273fc37284b31a384eb9
Mon May 22 06:34:14 2006: LWAPP Join-Request MTU path from AP 00:0e:84:32:04:f0 
is 1500, remote debug mode is 0
Mon May 22 06:34:14 2006: spamRadiusProcessResponse: AP Authorization failure for 
00:0e:84:32:04:f0
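The following added example (not part of the original Cisco document) shows one way to pull the values needed for the AP authorization list out of a saved capture of this debug output, including lines the terminal wrapped. It assumes the Join-Request line that follows each "SSC Key Hash is" line names the AP that presented the key, as in the output above; the second AP in the sample and the "SSC" label for the certificate type are constructed for illustration.

```python
import re

# Constructed sample modelled on the wrapped `debug pm pki enable` output above
# (Key Data lines trimmed); the second AP and its hash are invented for the example.
SAMPLE = """\
Mon May 22 06:34:14 2006: sshpmGetIssuerHandles: Key Data f7020301 0001
Mon May 22 06:34:14 2006: sshpmGetIssuerHandles: SSC Key Hash is 
9e4ddd8dfcdd8458ba7b273fc37284b31a384eb9
Mon May 22 06:34:14 2006: LWAPP Join-Request MTU path from AP 00:0e:84:32:04:f0 
is 1500, remote debug mode is 0
Mon May 22 06:34:14 2006: spamRadiusProcessResponse: AP Authorization failure for 
00:0e:84:32:04:f0
Mon May 22 06:35:02 2006: sshpmGetIssuerHandles: SSC Key Hash is 
0123456789abcdef0123456789abcdef01234567
Mon May 22 06:35:02 2006: LWAPP Join-Request MTU path from AP 00:11:22:33:44:55 
is 1500, remote debug mode is 0
"""

STAMP = re.compile(r"^[A-Z][a-z]{2} [A-Z][a-z]{2} [ \d]\d \d\d:\d\d:\d\d \d{4}: ")
MAC = r"((?:[0-9a-f]{2}:){5}[0-9a-f]{2})"
HASH = re.compile(r"SSC Key Hash is\s+(\S+)")
JOIN = re.compile(r"Join-Request MTU path from AP\s+" + MAC, re.I)
FAIL = re.compile(r"AP Authorization failure for\s+" + MAC, re.I)

def unwrap(text):
    """Rejoin wrapped output: a line with no timestamp continues the previous record."""
    records = []
    for line in text.splitlines():
        if STAMP.match(line) or not records:
            records.append(line.rstrip())
        else:
            records[-1] += " " + line.strip()
    return records

def ssc_entries(text):
    """Return one dict per AP with the three authorization-list fields plus a failure flag."""
    entries, pending = {}, None
    for rec in unwrap(text):
        if m := HASH.search(rec):
            value = m.group(1).lower()
            # A SHA1 digest is 160 bits, so anything but 40 hex digits is a damaged capture.
            pending = value if re.fullmatch(r"[0-9a-f]{40}", value) else None
        elif (m := JOIN.search(rec)) and pending:
            mac = m.group(1).lower()
            entries[mac] = {"mac": mac, "cert_type": "SSC",
                            "sha1_key_hash": pending, "auth_failed": False}
            pending = None
        elif (m := FAIL.search(rec)) and m.group(1).lower() in entries:
            entries[m.group(1).lower()]["auth_failed"] = True
    return list(entries.values())
```

Entries with `auth_failed` set are the APs the controller rejected and that still need to be added to the authorization list.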

Problem Type

Upgrade

Products

Wireless LAN Controllers

4400 Series

2000 Series

Additional Information

Self-Signed Certificate Manual Addition to the Controller for LWAPP-Converted APs

Posted June 22, 2009 at 6:15 PM
Updated March 31, 2015 at 8:26 PM