Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

New Member

Unable to upload Verisign signed certificate

Hi all,

I'm hoping somebody may be able to help me with an issue I am currently experiencing.

I have two Cisco WLC 5508 controllers that I'm trying to set-up for our new corporate WLAN. I've gone through most of the configuration fine but have ran into an issue uploading a signed certificate to one of my controllers. I should point out that I have managed to upload the certificate successfully to one of the controllers, I just can't seem to upload it to the second.

The issue is as follows:

- I've logged into the controller, gone to Security -> Web Auth -> Certificate -> Download Certificate

- I've specified my tftp server details and selected apply

- the process begins and I can see through my tftp client that the controller is attempting to copy and install the certificate

- The controller tries to install the certificate but fails, reporting the same

If I do the above from the CLI I receive the below


Mode............................................. TFTP
Data Type........................................ Site Cert
TFTP Server IP................................... 10.1.6.11
TFTP Packet Timeout.............................. 15
TFTP Max Retries................................. 15
TFTP Path........................................ /
TFTP Filename.................................... final.pem

This may take some time.
Are you sure you want to start? (y/N) y

TFTP Webauth cert transfer starting.

TFTP receive complete... Installing Certificate.

Error installing certificate.


(Cisco Controller) >

In the log taken from Management -> Message Logs I see this error

*TransferTask: Jul 03 10:30:43.641: %UPDATE-3-CERT_INST_FAIL: updcode.c:1342 Failed to install Webauth certificate. rc = 1

Can anybody advise as to what I am doing wrong?

Thanks,

Darren                  

Everyone's tags (3)
9 REPLIES
Hall of Fame Super Silver

Re: Unable to upload Verisign signed certificate

Did you enter a password when you generated the final.pem.  It is a requirement to be able to upload to the WLC.  Aslo, did you place the final.pem in the tftp root folder?  Did you see any activity on the tftp server and if its on your laptop, maybe disable the firewall.

-Scott
*** Please rate helpful posts ***
New Member

Unable to upload Verisign signed certificate

Hi,

Thanks for the prompt reply. When I tried to create the csr with Openssl, with a password, it kept returning an error???

Aslo, did you place the final.pem in the tftp root folder? (Yes, it worked for the first controller) Did you see any activity on the tftp server (Yes, it shows activity) and if its on your laptop, maybe disable the firewall (no firewall)

As mentioned it has worked for one of the controllers. When I connect to the wireless it is showing that I am using the signed certificate for the controller??

New Member

Unable to upload Verisign signed certificate

Hall of Fame Super Silver

Unable to upload Verisign signed certificate

Well if you are able to upload the same certificate on the other WLCs, I don't see why it would fail on only one.

-Scott
*** Please rate helpful posts ***
New Member

Unable to upload Verisign signed certificate

Exactly! Neither am I hence the question? Just wondering if others may have experienced this. Also wondering if there are any 'less than obvious settings' I need to check for this to work other than uploading the certificate. These controllers, the basic configuration, were put in by our MSP. They weren't sure about the signed certificate hence me looking into it.

Hall of Fame Super Silver

Unable to upload Verisign signed certificate

Usually if I can upload the certificate to one WLC, I know the certificate is good, especially if it shows up.  I usually always use the GUI to uplad the certificates also, which you have already done.  Are these both a guest anchor WLC?  Maybe you need to bounce the one having the issue and try to upload it again.

-Scott
*** Please rate helpful posts ***
Cisco Employee

Unable to upload Verisign signed certificate

I would rather recommend re-generating the certificate and installing it again  on the WLC.

Check the following links , if you have any doubts about the procedure:

http://www.cisco.com/en/US/partner/tech/tk722/tk809/technologies_configuration_example09186a00806e367a.shtml

http://www.cisco.com/en/US/partner/products/ps6366/products_configuration_example09186a0080a77592.shtml

-----------------------------------------------------------------

Make sure to rate correct answers

Unable to upload Verisign signed certificate

Darren,

can you try collecting some debugs? maybe that will tell us where the exact problem happens:

(WLC) > debug transfer all enable

Let us know what that tells us.

btw, do you have both controllers (the one that succeeded and this one) with same code version on both?

Amjad

Rating useful replies is more useful than saying "Thank you"
New Member

Unable to upload Verisign signed certificate

Hi all,

Thanks for your help. The issue is now resolved. I recreated the certificate taken from the last step of the Cisco documentation from this link http://www.cisco.com/en/US/products/ps6366/products_configuration_example09186a0080a77592.shtml?referring_site=smartnavRD and then uploaded again and it worked?

Very strange. In any case, it is now working.

Cheers,

Darren

1581
Views
0
Helpful
9
Replies