Cisco Support Community
New Member

download cert to the controller

I have TFTP32 up pointing at C: & I'm following this to download my cert file into my 4404 controller:

>transfer download mode tftp

>transfer download datatype webauthcert

>transfer download serverip <TFTP server IP address>

>transfer download path <absolute TFTP server path to the update file>

>transfer download filename final.pem

>transfer download certpassword password

When I type transfer download start it gives me my stats:

Mode............................................. TFTP

Data Type........................................ Site Cert

TFTP Server IP................................... 172.16.1.130

TFTP Packet Timeout.............................. 6

TFTP Max Retries................................. 10

TFTP Path........................................ C:/

TFTP Filename.................................... mycert.pfx

I tell it yes but then it gives me the error: % Error: Web Authentication Certificate file transfer failed - Error from server: File not found

Anyone know what I'm doing wrong?

12 REPLIES

Re: download cert to the controller

The tftp path is not C:/ but try: \

New Member

Re: download cert to the controller

TFTP Path........................................ \/

This is what I have now. I get the error message: % Error: Web Authentication Certificate file transfer failed - Error from server: Access violation

I have the debug mode on. This is what it said

*Jul 06 16:02:53.494: Still waiting! Status = 2

*Jul 06 16:02:54.616: Locking tftp semaphore, pHost=172.16.1.130 pFilename=\/mycert.pfx

*Jul 06 16:02:54.617: Semaphore locked, now unlocking, pHost=172.16.1.130 pFilename=\/mycert.pfx

*Jul 06 16:02:54.617: Semaphore successfully unlocked, pHost=172.16.1.130 pFilename=\/mycert.pfx

*Jul 06 16:02:54.619: TFTP: Binding to local=0.0.0.0 remote=172.16.1.130

*Jul 06 16:02:54.623: tftp rc=1, pHost=172.16.1.130 pFilename=\/mycert.pfx

pLocalFilename=cert.p12

*Jul 06 16:02:54.624: RESULT_STRING: % Error: Web Authentication Certificate file transfer failed - Error from server: Access violation

*Jul 06 16:02:54.624: RESULT_CODE:12

*Jul 06 16:02:54.624: ummounting: cwd = /mnt/application

*Jul 06 16:02:54.658: finished umounting

% Error: Web Authentication Certificate file transfer failed - Error from server: Access violation

Re: download cert to the controller

Oops, for TFTP it's /

New Member

Re: download cert to the controller

That worked better but it's still not totally working. It now gives me

Error installing certificate.

I looked at the debug and this looks the most fishy

*Jul 06 16:15:18.869: sshpmDecodePrivateKey: private key decode failed...

*Jul 06 16:15:18.869: sshpmAddWebauthCert: key extraction failed.

*Jul 06 16:15:18.869: RESULT_STRING: Error installing certificate.

I'm copying and pasting the key/password from a text file. The same text file I copied and pasted from when I did my CSR. It can't be wrong.

Re: download cert to the controller

Did you follow :

http://www.cisco.com/en/US/tech/tk722/tk809/technologies_configuration_example09186a00806e367a.shtml

You have to combine the key and the cert into one file.

Also what code of controller are you running ?

Also, I don't think WLC does not have the functionality to proxy communication of a chain certificate with a root certificate authority server. In order to host a chain certificate you must be a root certificate authority server and not a chain certificate.

New Member

Re: download cert to the controller

I have the latest version of WLC and I did read that doc. When I tried to combine the files it gave me an error about the passwords again. Do you know if there are any characters that are not allowed to be used in the password?

After that doc not working for me we contacted the CA and they gave us steps to make the cert file with IIS. They never said how to get the cert on the controller so I went back to that document.

Re: download cert to the controller

The password should match the one that was used to generate the cert (-passout value in openssl). I have not seen issues with using a special character password.

Also your file is pfx, most of the time we see .pem files. My guess is that is used by IIS.

If you are using a third party cert, you should use : webadmincert instead of webauthcert :

>transfer download datatype webadmincert

New Member

Re: download cert to the controller

What's the difference between the two? I thought the webadmin would cert the logging in of the admin to configure the controller. I'm wanting it for webauth.

I'm looking in my controller via the HTML interface. Under Security, webauth, certificate you can enter almost the same information. Is this another way of doing it?

I did use IIS BTW.

New Member

Re: download cert to the controller

Convert the certificate from .pfx to .pem format using OpenSSL. The WLC does not support the .pfx cert format.

New Member

Re: download cert to the controller

jicr, can you write the specific command I need to type into OpenSSL to convert the file?

New Member

Re: download cert to the controller

pkcs12 -in MYCERTS.pfx -out MYCERTS.pem

New Member

Re: download cert to the controller

This is what I get:

Enter Import Password:

Mac verify error: invalid password?

error in pkcs12

Which password is it looking for? The one I made during my CSR? The one I had to type into the VeriSign website to get them to send me the cert, or the one I used to export the cert in IIS? In each case I used the same password.
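
The .pfx to .pem conversion discussed in this thread, as an added example that is not part of any post or of Cisco's documentation: it builds a throwaway .pfx, shows that `openssl pkcs12` rejects any import password other than the one set when the .pfx was exported, then converts it and checks that the resulting PEM holds a certificate and private key that belong together. All file names, the CN and both passwords are constructed for the demo.

```shell
#!/bin/sh
# Added example: every file, name and password below is constructed for the demo.
set -u
WORK=$(mktemp -d)
trap 'rm -rf "$WORK"' EXIT      # the directory holds private key material
EXPORT_PW='Export-Pw-1'         # assumed: password typed when the .pfx was exported
PEM_PW='Pem-Pw-2'               # assumed: password for the key inside the output .pem

# Stand-in for the IIS export: throwaway key + self-signed cert bundled as a .pfx.
make_sample_pfx() {
  openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj "/CN=wlc.example.test" \
    -keyout "$WORK/key.pem" -out "$WORK/cert.pem" 2>/dev/null &&
  openssl pkcs12 -export -in "$WORK/cert.pem" -inkey "$WORK/key.pem" \
    -out "$WORK/mycert.pfx" -passout "pass:$EXPORT_PW"
}

# $1 = import password. -passin opens the .pfx; -passout re-encrypts the key in the PEM.
pfx_to_pem() {
  openssl pkcs12 -in "$WORK/mycert.pfx" -out "$WORK/final.pem" \
    -passin "pass:$1" -passout "pass:$PEM_PW"
}

# Succeeds only if the PEM holds a certificate and a private key that belong together.
pem_key_matches_cert() {
  cert_pub=$(openssl x509 -in "$WORK/final.pem" -noout -pubkey 2>/dev/null)
  key_pub=$(openssl pkey -in "$WORK/final.pem" -passin "pass:$PEM_PW" -pubout 2>/dev/null)
  [ -n "$cert_pub" ] && [ "$cert_pub" = "$key_pub" ]
}

make_sample_pfx || { echo "could not build sample .pfx" >&2; exit 1; }
if pfx_to_pem 'some-other-password'; then
  echo "unexpected: wrong import password accepted"
else
  echo "wrong import password rejected (MAC check failed)"
fi
pfx_to_pem "$EXPORT_PW" && pem_key_matches_cert &&
  echo "final.pem holds a matching certificate and encrypted private key"
```

The password given to `-passout` here is the one that would then be supplied to the controller with `transfer download certpassword`.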
