The Mesh AP 1500 (MAP) MAC address and the Manufactured Installed Certificate (MIC) are not selected under the access point (AP) policy. When this issue occurs, the Unable to free public key for AP error message appears.
Thu Jan 26 20:23:27 2006: sshpmGetIssuerHandles: Cert is issued by Cisco Systems.
Thu Jan 26 20:23:27 2006: sshpmGetIssuerHandles: SSC is not allowed by config;
Thu Jan 26 20:23:27 2006: LWAPP Join-Request does not include valid certificate
in CERTIFICATE_PAYLOAD from AP 00:13:5f:f9:dc:b0.
Thu Jan 26 20:23:27 2006: sshpmFreePublicKeyHandle: called with (nil)
Thu Jan 26 20:23:27 2006: sshpmFreePublicKeyHandle: NULL argument.
Thu Jan 26 20:23:27 2006: Unable to free public key for AP 00:13:5F:F9:DC:B0
Thu Jan 26 20:23:27 2006: spamDeleteLCB: stats timer not initialized for AP
Thu Jan 26 20:23:27 2006: spamProcessJoinRequest : spamDecodeJoinReq failed
Verify that the Wireless LAN Controller (WLC) time and time zone are correct. Also, add the MAC address of the MAP to the MAC filtering list.
From the GUI, choose WebGUI > Controller > Security, and click MAC filtering under AAA on the left side of the page.
Add the MAC address and the appropriate data, and click Apply.
Choose MIC from the drop-down menu.
Check the self signed cert check box under Security > AP policy.
MIC stands for Manufactured Installed Certificate. APs made after December 2005 have a digital certificate installed on them at the factory. APs before this date need to have a Self Signed Certificate (SSC) generated when they are converted to LWAPP.
The combination of the AP policies and the MAC filter list is necessary because of Cisco bug ID CSCsf21233. The MAPs must be added to the MAC filter list, but at times, they do not work unless they are added to the AP policy list.