Community Member

Finding the AP certificate key hash

Hi,

is there a command that shows the certificate key hash of a LWAPP AP?

I would like to enable the AP authentication on my WLC and I was wondering if there's an alternative way to debugging the join process because I have several APs.

Thanks,

Matteo

5 REPLIES
Hall of Fame Super Red

Re: Finding the AP certificate key hash

Hi Matteo,

There is one other method (really good for multiple APs).

If the computer that performed the AP conversion is available, you can obtain the Secure Hash Algorithm 1 (SHA1) Key Hash from the .csv file that is in the Cisco Upgrade Tool directory.

From this excellent doc;

http://www.cisco.com/en/US/products/ps6366/products_configuration_example09186a00806a426c.shtml#cli

Hope this helps!

Rob

Hall of Fame Super Silver

Re: Finding the AP certificate key hash

I think you can also look at the log when you are consoled into the AP... it actually shows the hash. You might also want to enable debug.

-Scott
Community Member

Re: Finding the AP certificate key hash

Do the logs of the Controller show the key hash value when an AP successfully joins it?

Community Member

Re: Finding the AP certificate key hash

Hi Rob,

unfortunately the APs were upgraded months ago and the .csv files aren't available.

Thanks,

Matteo

Hall of Fame Super Red

Re: Finding the AP certificate key hash

Hi Matteo,

You can issue a debug command on the WLC in order to retrieve the SHA1 Key Hash.

Complete these steps:

1. Turn on the AP and connect it to the network.

2. Enable the debugging on the WLC command-line interface (CLI). The command is debug pm pki enable.

(Cisco Controller) >debug pm pki enable
Mon May 22 06:34:10 2006: sshpmGetIssuerHandles: getting (old) aes ID cert handle...
Mon May 22 06:34:10 2006: sshpmGetCID: called to evaluate
Mon May 22 06:34:10 2006: sshpmGetCID: comparing to row 0, CA cert >bsnOldDefaultCaCert<
Mon May 22 06:34:10 2006: sshpmGetCID: comparing to row 1, CA cert >bsnDefaultRootCaCert<
Mon May 22 06:34:10 2006: sshpmGetCID: comparing to row 2, CA cert >bsnDefaultCaCert<
Mon May 22 06:34:10 2006: sshpmGetCID: comparing to row 3, CA cert >bsnDefaultBuildCert<
Mon May 22 06:34:10 2006: sshpmGetCID: comparing to row 4, CA cert >cscoDefaultNewRootCaCert<
Mon May 22 06:34:10 2006: sshpmGetCID: comparing to row 5, CA cert >cscoDefaultMfgCaCert<
Mon May 22 06:34:10 2006: sshpmGetCID: comparing to row 0, ID cert >bsnOldDefaultIdCert<
Mon May 22 06:34:10 2006: sshpmGetIssuerHandles: Calculate SHA1 hash on Public Key Data
Mon May 22 06:34:10 2006: sshpmGetIssuerHandles: Key Data 30820122 300d0609 2a864886 f70d0101
Mon May 22 06:34:10 2006: sshpmGetIssuerHandles: Key Data 01050003 82010f00 3082010a 02820101
Mon May 22 06:34:10 2006: sshpmGetIssuerHandles: Key Data 00c805cd 7d406ea0 cad8df69 b366fd4c
Mon May 22 06:34:10 2006: sshpmGetIssuerHandles: Key Data 82fc0df0 39f2bff7 ad425fa7 face8f15
Mon May 22 06:34:10 2006: sshpmGetIssuerHandles: Key Data f356a6b3 9b876251 43b95a34 49292e11
Mon May 22 06:34:10 2006: sshpmGetIssuerHandles: Key Data 038181eb 058c782e 56f0ad91 2d61a389
Mon May 22 06:34:10 2006: sshpmGetIssuerHandles: Key Data f81fa6ce cd1f400b b5cf7cef 06ba4375
Mon May 22 06:34:10 2006: sshpmGetIssuerHandles: Key Data dde0648e c4d63259 774ce74e 9e2fde19
Mon May 22 06:34:10 2006: sshpmGetIssuerHandles: Key Data 0f463f9e c77b79ea 65d8639b d63aa0e3
Mon May 22 06:34:10 2006: sshpmGetIssuerHandles: Key Data 7dd485db 251e2e07 9cd31041 b0734a55
Mon May 22 06:34:14 2006: sshpmGetIssuerHandles: Key Data 463fbacc 1a61502d c54e75f2 6d28fc6b
Mon May 22 06:34:14 2006: sshpmGetIssuerHandles: Key Data 82315490 881e3e31 02d37140 7c9c865a
Mon May 22 06:34:14 2006: sshpmGetIssuerHandles: Key Data 9ef3311b d514795f 7a9bac00 d13ff85f
Mon May 22 06:34:14 2006: sshpmGetIssuerHandles: Key Data 97e1a693 f9f6c5cb 88053e8b 7fae6d67
Mon May 22 06:34:14 2006: sshpmGetIssuerHandles: Key Data ca364f6f 76cf78bc bc1acc13 0d334aa6
Mon May 22 06:34:14 2006: sshpmGetIssuerHandles: Key Data 031fb2a3 b5e572df 2c831e7e f765b7e5
Mon May 22 06:34:14 2006: sshpmGetIssuerHandles: Key Data fe64641f de2a6fe3 23311756 8302b8b8
Mon May 22 06:34:14 2006: sshpmGetIssuerHandles: Key Data 1bfae1a8 eb076940 280cbed1 49b2d50f
Mon May 22 06:34:14 2006: sshpmGetIssuerHandles: Key Data f7020301 0001
***Mon May 22 06:34:14 2006: sshpmGetIssuerHandles: SSC Key Hash is 9e4ddd8dfcdd8458ba7b273fc37284b31a384eb9
Mon May 22 06:34:14 2006: LWAPP Join-Request MTU path from AP 00:0e:84:32:04:f0 is 1500, remote debug mode is 0
Mon May 22 06:34:14 2006: spamRadiusProcessResponse: AP Authorization failure for 00:0e:84:32:04:f0

From this excellent doc;

http://www.cisco.com/en/US/products/ps6366/products_configuration_example09186a00806a426c.shtml#cli

Hope this helps!

Rob
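
For several APs, the debug capture described in the post above can be parsed instead of read by eye. The script below is an added example, not part of the thread or of Cisco's tooling: it pairs each "SSC Key Hash is" line with the next "AP Authorization failure for" MAC and prints `config auth-list add ssc` lines (the WLC CLI command for adding an SSC AP to the authorization list, which the thread itself does not show). The function names are hypothetical, and the second AP in the sample capture is constructed.

```python
import re

# Sample "debug pm pki enable" capture. The first AP's values are the ones in
# the post; the second AP is constructed for illustration. Lines are wrapped
# the way a terminal capture wraps them.
SAMPLE_LOG = """\
***Mon May 22 06:34:14 2006: sshpmGetIssuerHandles: SSC Key Hash is
9e4ddd8dfcdd8458ba7b273fc37284b31a384eb9
Mon May 22 06:34:14 2006: LWAPP Join-Request MTU path from AP 00:0e:84:32:04:f0
is 1500, remote debug mode is 0
Mon May 22 06:34:14 2006: spamRadiusProcessResponse: AP Authorization failure for
00:0e:84:32:04:f0
Mon May 22 06:35:02 2006: sshpmGetIssuerHandles: SSC Key Hash is
0123456789abcdef0123456789abcdef01234567
Mon May 22 06:35:02 2006: spamRadiusProcessResponse: AP Authorization failure for
00:0e:84:aa:bb:cc
"""

# Either a 40-hex-digit SHA1 key hash or the MAC of an AP that was refused.
EVENT = re.compile(
    r"SSC Key Hash is\s+(?P<hash>[0-9a-fA-F]{40})\b"
    r"|AP Authorization failure for\s+(?P<mac>(?:[0-9a-fA-F]{2}:){5}[0-9a-fA-F]{2})"
)

def extract_ssc_hashes(log_text):
    """Return {ap_mac: key_hash}, pairing each hash with the next refused AP."""
    flat = " ".join(log_text.split())   # undo terminal line wrapping
    pairs, pending = {}, None
    for m in EVENT.finditer(flat):
        if m.group("hash"):
            pending = m.group("hash").lower()
        elif pending is not None:
            pairs[m.group("mac").lower()] = pending
            pending = None              # never reuse a hash for a later AP
    return pairs

def auth_list_commands(pairs):
    """Build one WLC CLI line per AP (command syntax not shown in the thread)."""
    return [f"config auth-list add ssc {mac} {h}" for mac, h in sorted(pairs.items())]

if __name__ == "__main__":
    for cmd in auth_list_commands(extract_ssc_hashes(SAMPLE_LOG)):
        print(cmd)
```

The pairing assumes one AP joins at a time; if several APs power up together their debug lines can interleave, so bring them up one by one. Check each extracted MAC against your AP inventory before adding it to the authorization list.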
