Cisco Support Community
New Member

problems after installing certificate 2500 series

Hello,

I have problems installing a 3rd-party signed certificate on my Cisco 2504 ( AIR-CT2504-15-K9 ).

The certificate should be used for WebAuth, because of the annoying SSL errors in browser.

Software Version                 7.0.116.0

License Level base

WebAuth : https

WebAdmin : https

W-Lan : working with Locally Generated Certificate

Virtual IP : 1.1.1.1

Virtual IP DNS : hotspot.domain.de

I used the following manual : http://www.cisco.com/en/US/tech/tk722/tk809/technologies_configuration_example09186a00806e367a.shtml

According to the manual, I used OpenSSL : 0.9.8o

My certificate is a wildcard-certificate like *.domain.de

I did the following to get it:

# openssl req -new -nodes -newkey rsa:2048 -keyout domain.de.key -out domain.de.csr

> Signing Request @ Thawte

< got my signed certificate ( server.crt ) with instructions to use intermediate certificate ( bundle.crt )

# openssl pkcs12 -export -in server.crt -inkey domain.de.key -certfile bundle.crt -out CA.p12 -clcerts -passin pass:check123 -passout pass:check123

# openssl pkcs12 -in CA.p12 -out CA.pem -passin pass:check123 -passout pass:check123

After generating the CA.pem, I downloaded it to the controller ( CLI & WebInterface ).

The controller installed it without an error and wanted to restart the system. After saving & resetting the system I was not able to get onto the management interface anymore. The browser did not connect to the WebAdmin anymore. The properly working W-Lan wasn't working anymore either. When I tried to connect, the connection broke with an error.

Using "show certificate summary" I got the following:

Web Administration Certificate................... Manufacture Installed

Web Authentication Certificate................... 3rd Party

Certificate compatibility mode:.................. off

When I reset my WebAuth Certificate, the W-Lan and the WebAdmin are working again.

Can anyone help me solve my problem?

Best regards

Oliver

3 REPLIES
Hall of Fame Super Silver

problems after installing certificate 2500 series

First off, you need to be able to resolve hotspot.domain.de to 1.1.1.1, your VIP. This needs to be resolved by the DNS servers that the clients will be getting. So you are either using your internal, external or ISP DNS server. Are you uploading the certificate in the correct spot? Here is the location on the image

-Scott
*** Please rate helpful posts ***
New Member

problems after installing certificate 2500 series

You are right, I forgot to say it...

1.1.1.1 will be resolved by clients to hotspot.domain.de. For testing, I registered this subdomain in our public DNS of domain.de

Yes, I up/downloaded it in the right spot.

I'm surprised that the WebAdmin isn't working... cause "show certificate summary" says that the WebAdmin Certificate is the manufactured certificate ...

New Member

problems after installing certificate 2500 series

Problem solved ...

On converting TO pkcs12 I set "-passin pass:check123" ... but my key had no pass ...

So, doing the first conversion without this parameter, the Cisco is now working with the cert.
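
A check that can be run on the final PEM before downloading it to the controller, as an added example that is not part of the original thread: it confirms that the file holds a certificate and a private key, that the key loads with the passphrase that will be supplied, and that the key belongs to the certificate. The function names, file names and the throwaway self-signed demo certificate are assumptions made for illustration, and the check assumes the device certificate is the first certificate in the file.

```bash
#!/usr/bin/env bash
# Added example (not from the thread): check a cert+key PEM before upload.
# Assumption: the device certificate is the first certificate in the file.

# check_bundle PEM PASSPHRASE -> prints "ok" or the first problem found.
check_bundle() {
    local pem="$1" pass="$2" key_pub cert_pub
    grep -q -e '-----BEGIN CERTIFICATE-----' "$pem" ||
        { echo "no certificate in file"; return 1; }
    grep -Eq -e '-----BEGIN (RSA |ENCRYPTED )?PRIVATE KEY-----' "$pem" ||
        { echo "no private key in file"; return 1; }
    # The key must load with the passphrase that will be given to the device.
    key_pub=$(PEM_PASS="$pass" openssl pkey -in "$pem" -passin env:PEM_PASS \
              -pubout 2>/dev/null) ||
        { echo "key does not load with this passphrase"; return 1; }
    cert_pub=$(openssl x509 -in "$pem" -noout -pubkey 2>/dev/null) ||
        { echo "certificate does not parse"; return 1; }
    # Same public key on both sides means the key belongs to the certificate.
    [ "$key_pub" = "$cert_pub" ] ||
        { echo "key does not match certificate"; return 1; }
    echo "ok"
}

# make_demo_bundle DIR PASSPHRASE: constructed sample input. Builds a
# throwaway self-signed certificate and converts it PKCS#12 -> PEM.
make_demo_bundle() {
    local dir="$1" pass="$2"
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 \
        -subj "/CN=hotspot.example.test" \
        -keyout "$dir/server.key" -out "$dir/server.crt" 2>/dev/null &&
    openssl pkcs12 -export -in "$dir/server.crt" -inkey "$dir/server.key" \
        -out "$dir/bundle.p12" -passout "pass:$pass" 2>/dev/null &&
    openssl pkcs12 -in "$dir/bundle.p12" -out "$dir/bundle.pem" \
        -passin "pass:$pass" -passout "pass:$pass" 2>/dev/null
}
```

Run `check_bundle CA.pem <passphrase>` on the real file; anything other than `ok` means the bundle should not be installed yet.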
