Certificate problem WLC 5508

erikreig1
Level 1

Hi,

I have a problem applying a certificate to a WLC 5508.

We generated the .pem, but when we transfer it to the WLC we receive the following message:

 

(Cisco Controller) >debug transfer tftp enable

(Cisco Controller) >debug pm pki enable

(Cisco Controller) >transfer download mode tftp

(Cisco Controller) >transfer download datatype webauthcert

(Cisco Controller) >transfer download serverip 172.16.33.141

(Cisco Controller) >transfer download path /

(Cisco Controller) >transfer download filename final.pem

(Cisco Controller) >transfer download certpassword url0

Setting password to <url0>

(Cisco Controller) >transfer download start

Mode............................................. TFTP 

Data Type........................................ Site Cert    

TFTP Server IP................................... 172.16.33.141

TFTP Packet Timeout.............................. 6

TFTP Max Retries................................. 10

TFTP Path........................................ /

TFTP Filename.................................... final.pem

This may take some time.

Are you sure you want to start? (y/N) y

*sshpmLscTask: Feb 10 11:45:39.541: sshpmLscTask: LSC Task received a message 4

*TransferTask: Feb 10 11:45:50.076: Memory overcommit policy changed from 0 to 1

*TransferTask: Feb 10 11:45:50.235: RESULT_STRING: TFTP Webauth cert transfer starting.

*TransferTask: Feb 10 11:45:50.236: RESULT_CODE:1

TFTP Webauth cert transfer starting.

*emWeb: Feb 10 11:45:53.076: Still waiting!  Status = 2

*TransferTask: Feb 10 11:45:54.242: Locking tftp semaphore, pHost=172.16.33.141 pFilename=/final.pem

*TransferTask: Feb 10 11:45:54.242: Semaphore locked, now unlocking, pHost=172.16.33.141 pFilename=/final.pem

*TransferTask: Feb 10 11:45:54.242: Semaphore successfully unlocked, pHost=172.16.33.141 pFilename=/final.pem

*TransferTask: Feb 10 11:45:54.245: TFTP: Binding to local=0.0.0.0 remote=172.16.33.141

*TransferTask: Feb 10 11:45:55.589: TFP End: 8337 bytes transferred (0 retransmitted packets)

*TransferTask: Feb 10 11:45:55.592: tftp rc=0, pHost=172.16.33.141 pFilename=/final.pem

                                                                                           pLocalFilename=cert.p12

*TransferTask: Feb 10 11:45:55.592: RESULT_STRING: TFTP receive complete... Installing Certificate.

TFTP receive complete... Installing Certificate.

*TransferTask: Feb 10 11:45:55.592: RESULT_CODE:13

*emWeb: Feb 10 11:45:56.076: Still waiting!  Status = 2

*emWeb: Feb 10 11:45:59.077: Still waiting!  Status = 1

*TransferTask: Feb 10 11:45:59.593: Adding cert (8269 bytes) with certificate key password.

*TransferTask: Feb 10 11:45:59.596: sshpmAddWebauthCert: Extracting private key from webauth cert and using bundled pkcs12 password.

*TransferTask: Feb 10 11:46:01.510: sshpmDecodePrivateKey: calling ssh_skb_decode()...

*emWeb: Feb 10 11:46:02.076: Still waiting!  Status = 1

*TransferTask: Feb 10 11:46:03.423: sshpmDecodePrivateKey: SshPrivateKeyPtr after skb_decode: 0x31f3d50c

*TransferTask: Feb 10 11:46:03.423: sshpmAddWebauthCert: got private key; extracting certificate...

*TransferTask: Feb 10 11:46:03.429: sshpmAddWebauthCert: extracted binary cert; doing x509 decode

*TransferTask: Feb 10 11:46:03.430: sshpmAddWebauthCert: doing x509 decode for 1184 byte certificate...

*TransferTask: Feb 10 11:46:03.430: sshpmAddWebauthCert: failed to validate certificate...

*TransferTask: Feb 10 11:46:03.431: RESULT_STRING: Error installing certificate.

*TransferTask: Feb 10 11:46:03.431: RESULT_CODE:12

*TransferTask: Feb 10 11:46:03.432: ummounting: <umount /mnt/download/ >/dev/null 2>&1>  cwd  = /mnt/application

*TransferTask: Feb 10 11:46:03.479: finished umounting

Error installing certificate.

(Cisco Controller) >*TransferTask: Feb 10 11:46:03.483: Memory overcommit policy restored from 1 to 0

*sshpmLscTask: Feb 10 11:47:39.547: sshpmLscTask: LSC Task received a message 4

 

Does somebody know what the problem could be?

I attach the certificate.

 

Thanks

 

 

1 Reply

karlcisn
Cisco Employee

Hi

 

It seems there is a mistake with your root CA certificate. If you look at the PEM file, the last certificate looks like this:

 

subject=/C=US/ST=New Jersey/L=Jersey City/O=The USERTRUST Network/CN=USERTrust RSA Certification Authority
issuer=/C=SE/O=AddTrust AB/OU=AddTrust External TTP Network/CN=AddTrust External CA Root

 

As the CN is different, it means that it is not a root CA certificate, so the chain was not done correctly. I see that when you open the .crt file it looks correct, but in the .pem file you can see the mistake.

 

 

You can also visit the community in English, as this query was posted in the Spanish section.

https://supportforums.cisco.com/community/4931/wireless-mobility
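
The check described in the reply, as an added example that is not part of the original thread: it reads the `subject=`/`issuer=` lines of a PEM bundle in file order and reports where the chain breaks or stops short of a self-signed root. The function names are hypothetical, the first two sample entries are constructed, the leaf-first order is an assumption, and only names are compared (no signature verification).

```python
# Constructed sample: the first two pairs are placeholders; the last pair is
# the one quoted in the reply above.
SAMPLE_BUNDLE = """\
subject=/C=XX/O=Example Org/CN=wlc.example.com
issuer=/C=XX/O=Example Org/CN=Example Issuing CA
subject=/C=XX/O=Example Org/CN=Example Issuing CA
issuer=/C=US/ST=New Jersey/L=Jersey City/O=The USERTRUST Network/CN=USERTrust RSA Certification Authority
subject=/C=US/ST=New Jersey/L=Jersey City/O=The USERTRUST Network/CN=USERTrust RSA Certification Authority
issuer=/C=SE/O=AddTrust AB/OU=AddTrust External TTP Network/CN=AddTrust External CA Root
"""

def normalize(dn):
    """Collapse whitespace so cosmetic differences do not break comparison."""
    return " ".join(dn.split())

def parse_pairs(text):
    """Return [(subject, issuer), ...] in file order; other lines are ignored."""
    pairs, subject = [], None
    for line in text.splitlines():
        line = line.strip()
        if line.startswith("subject="):
            subject = normalize(line[len("subject="):])
        elif line.startswith("issuer=") and subject is not None:
            pairs.append((subject, normalize(line[len("issuer="):])))
            subject = None
    return pairs

def check_chain(pairs):
    """Return a list of findings; an empty list means the names chain to a root."""
    if not pairs:
        return ["no subject=/issuer= pairs found"]
    findings = []
    # Each certificate should be issued by the certificate that follows it.
    for i in range(len(pairs) - 1):
        if pairs[i][1] != pairs[i + 1][0]:
            findings.append(
                f"certificate {i + 1}: issuer does not match subject of certificate {i + 2}")
    # The last certificate should be a root, i.e. subject equals issuer.
    last_subject, last_issuer = pairs[-1]
    if last_subject != last_issuer:
        findings.append(
            f"last certificate is not self-signed; missing issuer: {last_issuer}")
    return findings

if __name__ == "__main__":
    for finding in check_chain(parse_pairs(SAMPLE_BUNDLE)):
        print(finding)
```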