Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. If you'd prefer to explore, try our test area to get started. And see here for current known issues.

New Member

Issue installing a SSL certificate on WLC

I have a certificate obtained from verisign for logging in a wireless campus network, and I'm installing it via TFTP to the WLC. At the end of the transference appear the next message

"TFTP WPS Signature file transfer starting.

TFTP receive complete... updating WPS signatures.

Error in signature file. Please check message log"

In WLC log files apears the next issues:

Thu Mar 12 15:39:55 2009 [ERROR] sig.c 758: ERROR reading revision number from new signature file

Thu Mar 12 15:39:55 2009 [ERROR] sig.c 531: ERROR parsing revision number

Thu Mar 12 15:39:55 2009 [ERROR] sig.c 459: ERROR: No value specified for token Bag Attributes

But I don't know what excactly that means, and how can I fix it.

For doing this work I followed a Cisco Guide for this approach, using the OpenSSL program.

6 REPLIES
Silver

Re: Issue installing a SSL certificate on WLC

To configures SSL certificates, use the config certificate command.

config certificate {generate {webadmin | webauth} | compatibility {on | off}}

Where generate {webadmin | webauth} Generates a new web administration certificate or a a new web authentication certificate.

compatibility {on | off} Enables or disables compatibility mode for inter-Cisco Wireless LAN controller ipsec

New Member

Re: Issue installing a SSL certificate on WLC

I fixed the last issue, but now the certificate is already in the WLC but is not installed, the log file says:

Fri Mar 20 10:33:11 2009 [ERROR] sig.c 758: ERROR reading revision number from new signature file

Fri Mar 20 10:33:11 2009 [ERROR] sig.c 531: ERROR parsing revision number

Fri Mar 20 10:33:11 2009 [ERROR] sig.c 459: ERROR: No value specified for token

The compatibility is on. The file is .crt for testing i've changed for .cer and .pem but any of them has been successful

New Member

Re: Issue installing a SSL certificate on WLC

In addition appears this lines, I think this is the real problem

Fri Mar 20 10:57:51 2009 [ERROR] updcode.c 777: 1 returned from ssh add function

Fri Mar 20 10:57:51 2009 [ERROR] sshpmcert.c 4257: unable to extract private key for webauth cert

Fri Mar 20 10:57:51 2009 [ERROR] sshpmcert.c 3750: SSHPM: failed to decode private key

New Member

Re: Issue installing a SSL certificate on WLC

No news?

We have the same issue here : unable to extract private key...

Thanks,

Re: Issue installing a SSL certificate on WLC

This either a wrong key you entered when importing the certificate or a malformed certificate.

I fixed this once with OpenSSL by exporting the pem certificate back to pkcs12 format and then again to pem, regenerating the key shared secret and it worked.

If having trouble with that, I'd suggest opening a TAC case to get help.

Nicolas

===

Please rate answers that you find useful

Hall of Fame Super Silver

Re: Issue installing a SSL certificate on WLC

Make sure you don't use OpenSSL v1.0.  Use v9.8o light... v1.0 will give you that error you are seeing.

http://www.slproweb.com/products/Win32OpenSSL.html

-Scott
*** Please rate helpful posts ***
9576
Views
10
Helpful
6
Replies