5520 webadmin SSO

bern.rain
Level 1

Hello

 

I have a WLC 5520 SSO installation with 8.5.103 installed and generated the CSR over the GUI. After I installed the .pem file, the controller rebooted and I was able to log in with HTTPS. When I did the failover test, I was unable to log in over HTTPS to the secondary controller. I checked on the CLI and the cert looks fine. The secondary controller synchronized everything correctly.

Are there any known problems?

Regards,

Bernhard

4 Replies

Leo Laohoo
Hall of Fame
That's because the CSR wasn't uploaded to the secondary unit.
Break HA and load CSR to each physical unit. Only after this is done do you put them back into HA.

Hello

 

This means I break it up, then both WLCs' hostnames are, for example, WLC 1 and 2, and I generate a new CSR for WLC2 and upload the signed one? After that I create the redundancy again?

Regards,


Bernhard

The CSR has been uploaded to the primary. So now upload the same CSR to the secondary and reboot the secondary.

Hi @bern.rain

 

It seems that the certificate is not replicated. Cisco docs state:

"Device and root certificates are not automatically synced to the Standby controller."

"APs with LSC certificates are supported. The controller's LSC certificate and SCEP configuration must be implemented on the active and standby controllers before activating SSO."

"The download of certificates should be done separately on each box and should be done before pairing"

 

https://www.cisco.com/c/en/us/td/docs/wireless/controller/technotes/7-5/High_Availability_DG.html

 

-If I helped you somehow, please, rate it as useful.-
