
Issue installing an SSL certificate on WLC

mmartinez
Level 1

I have a certificate obtained from VeriSign for logging in to a wireless campus network, and I'm installing it via TFTP to the WLC. At the end of the transfer the following message appears:

"TFTP WPS Signature file transfer starting.

TFTP receive complete... updating WPS signatures.

Error in signature file. Please check message log"

In the WLC log files the following issues appear:

Thu Mar 12 15:39:55 2009 [ERROR] sig.c 758: ERROR reading revision number from new signature file

Thu Mar 12 15:39:55 2009 [ERROR] sig.c 531: ERROR parsing revision number

Thu Mar 12 15:39:55 2009 [ERROR] sig.c 459: ERROR: No value specified for token Bag Attributes

But I don't know exactly what that means or how I can fix it.

To do this work I followed a Cisco guide for this approach, using the OpenSSL program.


didyap
Level 6

To configure SSL certificates, use the config certificate command.

config certificate {generate {webadmin | webauth} | compatibility {on | off}}

Where generate {webadmin | webauth} generates a new web administration certificate or a new web authentication certificate.

compatibility {on | off} enables or disables compatibility mode for inter-Cisco Wireless LAN controller ipsec.

I fixed the last issue, but now the certificate is already in the WLC but is not installed. The log file says:

Fri Mar 20 10:33:11 2009 [ERROR] sig.c 758: ERROR reading revision number from new signature file

Fri Mar 20 10:33:11 2009 [ERROR] sig.c 531: ERROR parsing revision number

Fri Mar 20 10:33:11 2009 [ERROR] sig.c 459: ERROR: No value specified for token

Compatibility is on. The file is .crt; for testing I've changed it to .cer and .pem, but none of them has been successful.

In addition, these lines appear; I think this is the real problem:

Fri Mar 20 10:57:51 2009 [ERROR] updcode.c 777: 1 returned from ssh add function

Fri Mar 20 10:57:51 2009 [ERROR] sshpmcert.c 4257: unable to extract private key for webauth cert

Fri Mar 20 10:57:51 2009 [ERROR] sshpmcert.c 3750: SSHPM: failed to decode private key

No news?

We have the same issue here: unable to extract private key...

Thanks,

This is either a wrong key you entered when importing the certificate or a malformed certificate.

I fixed this once with OpenSSL by exporting the pem certificate back to pkcs12 format and then again to pem, regenerating the key shared secret and it worked.

If having trouble with that, I'd suggest opening a TAC case to get help.

Nicolas

===

Please rate answers that you find useful
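
The PEM to PKCS#12 and back to PEM round trip described in the reply above, as an added example that is not part of the original thread: it runs the round trip on a constructed throwaway key and self-signed certificate, then checks that the resulting bundle holds a certificate plus a private key that decodes with the chosen password and matches the certificate. File names, the CN and the password are placeholders.

```shell
#!/bin/sh
# Added example: constructed throwaway key/cert; all names and the password are placeholders.
# "pass:" arguments are visible in the process list; for a real key use env:VAR or file:PATH.
PASS='example-pass'   # the secret that would also be entered on the WLC at import time

# Round trip: PEM cert + key -> PKCS#12 -> one PEM bundle (cert + encrypted key).
make_bundle() {   # usage: make_bundle <workdir>
    d=$1
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj '/CN=wlc.example.test' \
        -keyout "$d/key.pem" -out "$d/cert.pem" 2>/dev/null || return 1
    openssl pkcs12 -export -in "$d/cert.pem" -inkey "$d/key.pem" \
        -out "$d/bundle.p12" -passout "pass:$PASS" 2>/dev/null || return 1
    openssl pkcs12 -in "$d/bundle.p12" -out "$d/final.pem" \
        -passin "pass:$PASS" -passout "pass:$PASS" 2>/dev/null || return 1
}

# List the PEM block types in a file, e.g. to see which key format the tool wrote.
pem_labels() {
    sed -n 's/^-----BEGIN \(.*\)-----$/\1/p' "$1"
}

# Pre-flight check before uploading: prints "ok" or the first problem found.
check_bundle() {   # usage: check_bundle <pem-file> <password>
    f=$1; pw=$2
    pem_labels "$f" | grep -q '^CERTIFICATE$' || { echo "no certificate"; return 1; }
    pem_labels "$f" | grep -q 'PRIVATE KEY$'  || { echo "no private key"; return 1; }
    # The key must decrypt with the password that will be given at import time.
    key_pub=$(openssl pkey -in "$f" -passin "pass:$pw" -pubout 2>/dev/null </dev/null) \
        || { echo "key does not decode"; return 1; }
    crt_pub=$(openssl x509 -in "$f" -passin "pass:$pw" -noout -pubkey 2>/dev/null </dev/null) \
        || { echo "certificate does not parse"; return 1; }
    # Same public key on both sides means the key belongs to this certificate.
    [ "$key_pub" = "$crt_pub" ] || { echo "key/cert mismatch"; return 1; }
    echo "ok"
}
```

For a real certificate, skip `make_bundle` and run `check_bundle` against your own bundle with the password you intend to type on the controller; `pem_labels` shows whether your OpenSSL build wrote the key as `RSA PRIVATE KEY` or `ENCRYPTED PRIVATE KEY`.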

Make sure you don't use OpenSSL v1.0.  Use v9.8o light... v1.0 will give you that error you are seeing.

http://www.slproweb.com/products/Win32OpenSSL.html

-Scott
*** Please rate helpful posts ***