Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 

The "Unable to free public key for AP" error message appears in the debug LWAPP events when the MAP does not register with the 4402 WLC

 

 

Introduction

 

 

The Mesh AP 1500 (MAP) MAC address and the Manufactured Installed Certificate (MIC) are not selected under the access point (AP) policy. When this issue occurs, the Unable to free public key for AP error message appears.

 

Thu Jan 26 20:23:27 2006: sshpmGetIssuerHandles: Cert is issued by Cisco Systems.
Thu Jan 26 20:23:27 2006: sshpmGetIssuerHandles: SSC is not allowed by config; 
bailing...
Thu Jan 26 20:23:27 2006: LWAPP Join-Request does not include valid certificate 
in CERTIFICATE_PAYLOAD from AP 00:13:5f:f9:dc:b0.
Thu Jan 26 20:23:27 2006: sshpmFreePublicKeyHandle: called with (nil)
Thu Jan 26 20:23:27 2006: sshpmFreePublicKeyHandle: NULL argument.
Thu Jan 26 20:23:27 2006: Unable to free public key for AP  00:13:5F:F9:DC:B0 
Thu Jan 26 20:23:27 2006: spamDeleteLCB: stats timer not initialized for AP 
00:13:5f:f9:dc:b0
Thu Jan 26 20:23:27 2006: spamProcessJoinRequest : spamDecodeJoinReq failed 

Resolution

 

Verify that the Wireless LAN Controller (WLC) time and time zone are correct. Also, add the MAC address of the MAP to the MAC filtering list.

  1. From the GUI, choose WebGUI > Controller > Security, and click MAC filtering under AAA on the left side of the page.
  2. Add the MAC address and the appropriate data, and click Apply.
  3. Choose MIC from the drop-down menu.
  4. Check the self signed cert check box under Security > AP policy.

 

MIC stands for Manufactured Installed Certificate. APs made after December 2005 have a digital certificate installed on them at the factory. APs before this date need to have a Self Signed Certificate (SSC) generated when they are converted to LWAPP.

 

The combination of the AP policies and the MAC filter list is necessary because of Cisco bug ID CSCsf21233. The MAPs must be added to the MAC filter list, but at times, they do not work unless they are added to the AP policy list.

 

Problem Type

Error message

Device cannot register

Client / Device cannot authenticate

 

Products

Access point

Wireless LAN Controllers

Mesh Access Point 1500

 

SW Features

Lightwieght Access Point Protocol (LWAPP)

 

Reference

 

Self-Signed Certificate Manual Addition to the Controller for LWAPP-Converted APs

LWAPP Upgrade Tool Troubleshoot Tips

 

 

Version history
Revision #:
2 of 2
Last update:
‎08-23-2017 08:24 PM
Updated by:
 
Contributors