https://community.cisco.com/t5/wireless/how-to-proactively-prevent-ssc-mic-certificate-expiration/m-p/4293313#M226465 <P>We have hundreds of 3502i access points at one of our locations and have the same concern. I found this in the documentation-</P><P>config ap cert-expiry-ignore {mic|ssc} enable</P><P>&nbsp;</P><P>Important note: IOS APs (i.e. 802.11n / 802.11ac Wave 1 APs), which were manufactured with SHA-2 certificates,<BR />cannot ignore WLC certificate expiration prior to 8.5.160.0.<BR />See CSCvs22835</P><P>We are currently at 8.5.151.0 sounds like we will need to upgrade the code as well?</P><P>Thanks&nbsp;</P> Wed, 17 Feb 2021 21:18:22 GMT daswann 2021-02-17T21:18:22Z https://community.cisco.com/t5/wireless/how-to-proactively-prevent-ssc-mic-certificate-expiration/m-p/4261082#M224430 <P><A href="https://www.cisco.com/c/en/us/support/docs/field-notices/639/fn63942.html" target="_blank">https://www.cisco.com/c/en/us/support/docs/field-notices/639/fn63942.html</A><BR /><A href="https://community.cisco.com/t5/wireless-mobility-documents/lightweight-ap-fail-to-create-capwap-lwapp-connection-due-to/tac-p/4261080#M3213" target="_blank">https://community.cisco.com/t5/wireless-mobility-documents/lightweight-ap-fail-to-create-capwap-lwapp-connection-due-to/tac-p/4261080#M3213</A></P><P><BR />I know the problem arises when the certificate of WLC/AP expires.</P><P>So, we want to prevent certificate problems in advance.</P><P>&nbsp;</P><P>We using 5520 and 5508 WLC.</P><P>AP is using 1100 series and 2700,2800 series.</P><P>5520 version :&nbsp;8.3.150</P><P>5508 version :&nbsp;8.0.152</P><P>&nbsp;</P><P>WLC's SHA1 device cert is valid for 22 years and 23 years.</P><P>Can certificate problems be prevented in advance by just using the "config ap cert-expiry-ignore {mic | ssc} enable" command??</P> Mon, 05 Jul 2021 19:55:45 GMT https://community.cisco.com/t5/wireless/how-to-proactively-prevent-ssc-mic-certificate-expiration/m-p/4261082#M224430 JustTakeTheFirstStep 2021-07-05T19:55:45Z https://community.cisco.com/t5/wireless/how-to-proactively-prevent-ssc-mic-certificate-expiration/m-p/4261321#M224453 <P>I think Yes it ignore the expire check.</P> Sun, 20 Dec 2020 00:13:36 GMT https://community.cisco.com/t5/wireless/how-to-proactively-prevent-ssc-mic-certificate-expiration/m-p/4261321#M224453 MHM Cisco World 2020-12-20T00:13:36Z https://community.cisco.com/t5/wireless/how-to-proactively-prevent-ssc-mic-certificate-expiration/m-p/4261527#M224463 <P>Typically AP licence is valid for 10 years and expiring of that one cause this issue. Once you issue that workaround command listed in below Field Notice, then it will ignore that check.&nbsp;</P> <P><A href="https://www.cisco.com/c/en/us/support/docs/field-notices/639/fn63942.html" target="_self">https://www.cisco.com/c/en/us/support/docs/field-notices/639/fn63942.html</A>&nbsp;</P> <P>HTH</P> <P>Rasika</P> <P>*** Pls rate all useful responses ***</P> Sun, 20 Dec 2020 18:58:55 GMT https://community.cisco.com/t5/wireless/how-to-proactively-prevent-ssc-mic-certificate-expiration/m-p/4261527#M224463 Rasika Nayanajith 2020-12-20T18:58:55Z https://community.cisco.com/t5/wireless/how-to-proactively-prevent-ssc-mic-certificate-expiration/m-p/4293313#M226465 <P>We have hundreds of 3502i access points at one of our locations and have the same concern. I found this in the documentation-</P><P>config ap cert-expiry-ignore {mic|ssc} enable</P><P>&nbsp;</P><P>Important note: IOS APs (i.e. 802.11n / 802.11ac Wave 1 APs), which were manufactured with SHA-2 certificates,<BR />cannot ignore WLC certificate expiration prior to 8.5.160.0.<BR />See CSCvs22835</P><P>We are currently at 8.5.151.0 sounds like we will need to upgrade the code as well?</P><P>Thanks&nbsp;</P> Wed, 17 Feb 2021 21:18:22 GMT https://community.cisco.com/t5/wireless/how-to-proactively-prevent-ssc-mic-certificate-expiration/m-p/4293313#M226465 daswann 2021-02-17T21:18:22Z https://community.cisco.com/t5/wireless/how-to-proactively-prevent-ssc-mic-certificate-expiration/m-p/4294266#M226514 <P>Yes in this case you must upgrade. Please note, 8.5.171.0 was just released, with many important fixes. I'd upgrade to that one (which is probably the last version for 8.5).</P> <P>Release notes:&nbsp;<A href="https://www.cisco.com/c/en/us/td/docs/wireless/controller/release/notes/crn85mr7.html" target="_blank">https://www.cisco.com/c/en/us/td/docs/wireless/controller/release/notes/crn85mr7.html</A></P> Fri, 19 Feb 2021 12:44:51 GMT https://community.cisco.com/t5/wireless/how-to-proactively-prevent-ssc-mic-certificate-expiration/m-p/4294266#M226514 patoberli 2021-02-19T12:44:51Z https://community.cisco.com/t5/wireless/how-to-proactively-prevent-ssc-mic-certificate-expiration/m-p/4304996#M227126 <P><SPAN>&nbsp;8.5.171.0&nbsp;</SPAN></P><P>Thank you Patoberli&nbsp;</P><P>&nbsp;</P><P>In the&nbsp;<SPAN>CSCvs22835 bug it shows&nbsp;8.5(160.0) in the known fixed releases, does that include 8.5.160.6? I'm trying to understand if these are fixed in subsequent releases in the same 160 release; or are they specific meaning only fixed in 8.5.160.0 in this as an example?</SPAN></P><P>Thank you in advance for you time.&nbsp;</P><P>Dale</P><P>&nbsp;</P> Wed, 10 Mar 2021 15:56:32 GMT https://community.cisco.com/t5/wireless/how-to-proactively-prevent-ssc-mic-certificate-expiration/m-p/4304996#M227126 daswann 2021-03-10T15:56:32Z https://community.cisco.com/t5/wireless/how-to-proactively-prevent-ssc-mic-certificate-expiration/m-p/4305034#M227127 <P>Yes, then it should also be fixed in 8.5.160.6 typically. In rare cases this isn't true, but that's only something that TAC can answer.&nbsp;</P> Wed, 10 Mar 2021 16:31:27 GMT https://community.cisco.com/t5/wireless/how-to-proactively-prevent-ssc-mic-certificate-expiration/m-p/4305034#M227127 patoberli 2021-03-10T16:31:27Z