Uploading 3rd party certificate to 5508 (ver7.4) fails

Good Day,

I tried to load a 3rd party certificate to a pair of 5508s last night.

The tftp transfer was successful, but the controllers failed to install the certificate.

I ran debug transfer all enable and could see that I received ERROR_CODE:12 each time.

Just wondering if anyone has come across this and what they did to correct it.

thanks very much

regards

amanda


1 ACCEPTED SOLUTION

Accepted Solutions

CLI commands to load the certificate into the controller

 

transfer download serverip <IP of server>

transfer download datatype webauthcert

transfer download filename <cert filename>

transfer download mode tftp

debug transfer tftp enable

transfer download start

 

Please reboot the controller once

6 REPLIES

New Member

Hi Amanda,

Looks to me that an unsupported OpenSSL version was used for the certificate request.

I had the same or a similar issue. In the Cisco documentation you can find the following note:

Note: OpenSSL 0.9.8 is required as the WLC does not currently support OpenSSL 1.0.

Hope this helps.

K.

New Member

I have the same problem even with OpenSSL 0.9.8. The result is always error code 12. 

New Member

Hi K,

The cert was generated by my colleague, but he is using SSL 0.9.8.

As a point of interest, I had a chained certificate.

As I understand it, chained certificates are not compatible with the Wireless Controllers for the web administration page.

I think that is my problem.

This leads to a new question.

I wonder if I can use an intermediate certificate or a wildcard certificate on the server.

All of the PCs have a company certificate on them due to the fact that we are using dot1x on the wired network.

Any ideas?

Thanks

 

Silver

I believe you can split up the chained certificate into separate ones and then install the root first, then all intermediates, and the machine certificate last. I think it worked that way when I did it once on a 4404 controller.
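
The split-and-order step suggested in the reply above, as an added example (not code from this thread or from Cisco). It uses only the Python standard library, reads each certificate's issuer and subject with a minimal DER walk, and returns the certificates root first, device certificate last; it does not verify signatures, and all function names are this example's own.

```python
import base64
import re

PEM_RE = re.compile(r"-----BEGIN ([A-Z0-9 ]+)-----(.*?)-----END \1-----", re.S)

def split_pem(text):
    """Return [(label, body)] per PEM block; label is e.g. CERTIFICATE."""
    return [(label, "".join(body.split())) for label, body in PEM_RE.findall(text)]

def read_tlv(buf, pos):
    """Parse one DER element at pos; return (tag, value_start, value_end)."""
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:  # long form: low 7 bits = number of length bytes
        n = length & 0x7F
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    return tag, pos, pos + length

def issuer_subject(der):
    """Return the raw DER issuer and subject Names of an X.509 certificate."""
    _, pos, _ = read_tlv(der, 0)        # outer Certificate SEQUENCE
    _, pos, end = read_tlv(der, pos)    # tbsCertificate SEQUENCE
    fields = []
    while pos < end and len(fields) < 6:
        tag, _, nxt = read_tlv(der, pos)
        fields.append((tag, der[pos:nxt]))
        pos = nxt
    if fields[0][0] == 0xA0:            # drop the optional [0] version field
        fields = fields[1:]
    return fields[2][1], fields[4][1]   # serial, sig alg, issuer, validity, subject

def install_order(pem_text):
    """Return DER certificates ordered root first, device certificate last."""
    certs = [base64.b64decode(b) for label, b in split_pem(pem_text)
             if label == "CERTIFICATE"]  # key blocks are left undecoded
    names = [issuer_subject(c) for c in certs]          # (issuer, subject) pairs
    by_subject = {subj: i for i, (_, subj) in enumerate(names)}
    issuing = {iss for iss, subj in names if iss != subj}
    leaves = [i for i, (_, subj) in enumerate(names) if subj not in issuing]
    if len(leaves) != 1:
        raise ValueError("expected exactly one device certificate in the bundle")
    chain, i = [], leaves[0]
    while i is not None and i not in chain:             # walk issuer links upward
        chain.append(i)
        iss, subj = names[i]
        i = None if iss == subj else by_subject.get(iss)
    return [certs[i] for i in reversed(chain)]
```

The labels returned by `split_pem` also show at a glance how many certificates a bundle holds and whether a private key block is present.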

New Member

Hi,

WLC supports chained certificates, as you can read here. I'm also using them ....

With version 5.1.151.0 and later, the WLCs support chained certificates for web authentication. Web authentication certificates can be any of these:

  • Chained

  • Unchained

  • Autogenerated

Refer to Generate CSR for Third-Party Certificates and Download Chained Certificates to the WLC for information on how to use Chained certificates on WLC.

Greets

Karel
