In some of my spare time, I've been trying to get this AP to join with this WLC. It's been about two weeks now. I'm not sure what the problem is. I think that there are a few possible issues, but I'm asking the more experienced & knowledgeable support community. I did convert the autonomous AP to a LAP. So here are some outputs:
Okay, so I've been trying some of what you've mentioned the past few days. The WLC is updated. The AP still can't connect. So I tried the the "config auth-list ap-policy ssc enable" & "config auth-list add ssc " commands. Problems I don't have the sha1 key hash. How/where do I locate this? I didn't use the cisco lwapp upgrade tool because it doesn't do anything when I tell it to start. It just says "Validating User Input" or something along those lines and never changes. So I used tftpd32 to upgrade the AP.
Now then, where can I find or get the AP hash key? It doesn't show up on the debug pm pki enable output. Can I find it on the AP through gui or cli?
Fri Jan 24 16:52:36 2014: 00:13:5f:f8:94:f0 LWAPP Join Request does not include valid certificate in CERTIFICATE_PAYLOAD from AP 00:13:5f:f8:94:f0.
Fri Jan 24 16:52:36 2014: 00:13:5f:f8:94:f0 Unable to free public key for AP 00:13:5f:f8:94:f0
Fri Jan 24 16:52:36 2014: 00:13:5f:f8:94:f0 Decoding Join Request failed for AP 00:13:5f:f8:94:f0
This information clearly shows that the controller time is outside the certificate validity interval of the LAP. Therefore, the LAP cannot register with the controller. Certificates installed in the LAP have a predefined validity interval. The controller time should be set in such a way that it is within the certificate validity interval of the LAP’s certificate.
If the time is not set correctly on the controller, choose Commands > Set Time in the controller GUI mode, or issue the config time command in the controller CLI in order to set the controller time.