https://community.cisco.com/t5/wireless/5520-webadmin-sso/m-p/3317554#M216510 <P>Hello</P> <P>&nbsp;</P> <P>This means i Break up then both WLCs hostname is for ex WLC 1 and 2 and i generate a new csr for wlc2 and upload the signed one? After that i create the redundancy again?</P> <P>&nbsp;</P> <P>Regards,</P> <P><BR />Bernhard</P> Wed, 24 Jan 2018 10:31:42 GMT bern.rain 2018-01-24T10:31:42Z https://community.cisco.com/t5/wireless/5520-webadmin-sso/m-p/3317536#M216507 <P>Hello</P> <P>&nbsp;</P> <P>I have a WLC 5520 SSO installation with 8.5.103 installed and generated the CSR over gui. After i installed the .pem file the controller rebooted and i was able to login with https. When i did the failovertest i was unable to login over https to the secondary controller. I checked on the cli the cert looks fine. The secondary controller syncronized all correct</P> <P>&nbsp;</P> <P>are there any know problems.</P> <P>&nbsp;</P> <P>Regards,</P> <P>Bernhard</P> Mon, 05 Jul 2021 15:09:17 GMT https://community.cisco.com/t5/wireless/5520-webadmin-sso/m-p/3317536#M216507 bern.rain 2021-07-05T15:09:17Z https://community.cisco.com/t5/wireless/5520-webadmin-sso/m-p/3317545#M216508 That's because the CSR wasn't uploaded to the secondary unit. <BR />Break HA and load CSR to each physical unit. Only after this is done do you put them back into HA. Wed, 24 Jan 2018 10:21:26 GMT https://community.cisco.com/t5/wireless/5520-webadmin-sso/m-p/3317545#M216508 Leo Laohoo 2018-01-24T10:21:26Z https://community.cisco.com/t5/wireless/5520-webadmin-sso/m-p/3317547#M216509 <P>Hi&nbsp;<a href="https://community.cisco.com/t5/user/viewprofilepage/user-id/71953">@bern.rain</a></P> <P>&nbsp;</P> <P>&nbsp;It seems that the certificate is not replicated. Cisco docs states:</P> <P>&nbsp;</P> <P>"Device and root certificates are not automatically synced to the Standby controller."</P> <P>"APs with LSC certificates are supported. The controller's LSC certificate and SCEP configuration must be implemented on the active and standby controllers before activating SSO."</P> <P>"<SPAN>The download of certificates should be done separately on each box and should be done before pairing"</SPAN></P> <P>&nbsp;</P> <P><SPAN><A href="https://www.cisco.com/c/en/us/td/docs/wireless/controller/technotes/7-5/High_Availability_DG.html" target="_self">https://www.cisco.com/c/en/us/td/docs/wireless/controller/technotes/7-5/High_Availability_DG.html</A></SPAN></P> <P>&nbsp;</P> <P><SPAN>-If I helped you somehow, please, rate it as useful.-</SPAN></P> Wed, 24 Jan 2018 10:24:08 GMT https://community.cisco.com/t5/wireless/5520-webadmin-sso/m-p/3317547#M216509 Flavio Miranda 2018-01-24T10:24:08Z https://community.cisco.com/t5/wireless/5520-webadmin-sso/m-p/3317554#M216510 <P>Hello</P> <P>&nbsp;</P> <P>This means i Break up then both WLCs hostname is for ex WLC 1 and 2 and i generate a new csr for wlc2 and upload the signed one? After that i create the redundancy again?</P> <P>&nbsp;</P> <P>Regards,</P> <P><BR />Bernhard</P> Wed, 24 Jan 2018 10:31:42 GMT https://community.cisco.com/t5/wireless/5520-webadmin-sso/m-p/3317554#M216510 bern.rain 2018-01-24T10:31:42Z https://community.cisco.com/t5/wireless/5520-webadmin-sso/m-p/3317556#M216511 The CSR has been upload to the primary. So now upload the same CSR to secondary and reboot the secondary. Wed, 24 Jan 2018 10:33:15 GMT https://community.cisco.com/t5/wireless/5520-webadmin-sso/m-p/3317556#M216511 Leo Laohoo 2018-01-24T10:33:15Z