Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

error installing certificate - help

Hi


I am trying to install a webauth certificate on a WLC (5508 6.0.188).

I followed the "Generate CSR for Third-Party Certificates and  Download Unchained Certificates to the WLC" document.

But when I try to upload the .pem file i get "the" "error installing certificate" promt.


I did not have any errors using OpenSSL.


Is there any debug commands that can help clearify the issue.

The Solution provided in this discussion has been added in the following Blog:-

https://supportforums.cisco.com/community/netpro/wireless-mobility/security-network-management/blog/2011/11/26/generate-csr-for-third-party-cert-and-download-unchained-cert-on-wireless-lan-controller-wlc


1 ACCEPTED SOLUTION

Accepted Solutions
New Member

Re: error installing certificate - help

I was having the same problem and worked on it for probably 8 hours trying numerous different solutions and this is what fixed it for me.

  1. The OpenSSL versions available from www.openssl.org do not create a final.pem that work with the WLC.
  2. I downloaded OpenSSL using this link http://www.ingate.com/files/Win32OpenSSL-0.9.6-1.0.zip and installed into C:\OpenSSL (It tries to install to program files, install location doesn't matter I just like it on the root of C)
  3. I then followed all of the steps outline on Cisco.com http://www.cisco.com/en/US/tech/tk722/tk809/technologies_configuration_example09186a00806e367a.shtml
  4. Uploaded the final.pem file and it install without any problems.
  5. My Cert was purchased from RapidSSL I don't know if that matters or not.

This was a renewal cert, so it was my second time install a cert to my WLC and I made the mistake of not keeping my original copy of OpenSSL that worked for me the first time.  Don't make the mistake I made and KEEP a copy of the OpenSSL version that works for you.  That will make cert renewal much easier for you.

8 REPLIES
New Member

Re: error installing certificate - help

I was having the same problem and worked on it for probably 8 hours trying numerous different solutions and this is what fixed it for me.

  1. The OpenSSL versions available from www.openssl.org do not create a final.pem that work with the WLC.
  2. I downloaded OpenSSL using this link http://www.ingate.com/files/Win32OpenSSL-0.9.6-1.0.zip and installed into C:\OpenSSL (It tries to install to program files, install location doesn't matter I just like it on the root of C)
  3. I then followed all of the steps outline on Cisco.com http://www.cisco.com/en/US/tech/tk722/tk809/technologies_configuration_example09186a00806e367a.shtml
  4. Uploaded the final.pem file and it install without any problems.
  5. My Cert was purchased from RapidSSL I don't know if that matters or not.

This was a renewal cert, so it was my second time install a cert to my WLC and I made the mistake of not keeping my original copy of OpenSSL that worked for me the first time.  Don't make the mistake I made and KEEP a copy of the OpenSSL version that works for you.  That will make cert renewal much easier for you.

New Member

error installing certificate - help

You legend!!! Worked a treat, the only thing I did differently was to run the OPENSSL program as an administaror (right click, run as..)

error installing certificate - help

For furture searches I have included this link .. I did a complete step by step process with screen shots ...

http://www.my80211.com/home/2011/1/16/wlcgenerate-third-party-web-authentication-certificate-for-a.html

__________________________________________________________________________________________ "Satisfaction does not come from knowing the solution, it comes from knowing why." - Rosalind Franklin ___________________________________________________________
Cisco Employee

Re: error installing certificate - help

Open SSL v 1.x seems to cause issues. I know I have always used v0.9.8.  I have also asked that the CSR doc have notes added to them mentioning issues with 1.x.

Thanks,

Lee

Cisco Employee

Re: error installing certificate - help

FYI, I just checked the chained and unchaing CSR doc for the WLC and both do now contain a note about using v0.9.8:

Generate a CSR

Complete these steps in order to generate a CSR:

  1. Install and open the OpenSSL application. In Windows, by default, openssl.exe is located at C:\ > openssl > bin.

    Note: Cisco recommends that you use OpenSSL v0.9.8 for Windows.

Lee

New Member

Re: error installing certificate - help

OpenSSL 1.0 absolutely didn't work for me.  My RapidSSL cert only installed under 0.98.  Thanks for the help!

Re: error installing certificate - help

Hello All,

Thanks for sharing this useful information. I have added all this information and created a short Blog so that all CSC customers will be able to use it.

https://supportforums.cisco.com/community/netpro/wireless-mobility/security-network-management/blog/2011/11/26/generate-csr-for-third-party-cert-and-download-unchained-cert-on-wireless-lan-controller-wlc

Thanks,

Vinay Sharma

Community Manager- Wireless

Thanks & Regards
New Member

Re: error installing certificate - help

One more thing....

Assuming we're using Windows version, the latest 0.9.8 binaries have a quirky difference in the way they reference the config file. 

Pre 0.9.8h uses openssl.cnf

0.9.8h onwards uses openssl.cfg

However, the error msg still says its looking for "/path/openssl.cnf" for the latest versions - slightly confusing...

Add the command "-config openssl.cfg" for later versions

p.s. Hello Grev!

7535
Views
5
Helpful
8
Replies
CreatePlease login to create content