Buy or Renew
Buy or Renew
Cisco Virtual Engineer generative AI bot now active in Wireless Discussion Forum. Learn more.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
688
Views
0
Helpful
5
Replies

5760 stops using installed 3rd party cert

Kyle Fine
Level 1
Level 1

‎02-11-2014 10:19 AM - edited ‎07-05-2021 12:09 AM

Hello,

I have successfully installed a 3rd party cert from GlobalSign on the 5760 for webauth with an open SSID. It works for about a week or two, then for some reason the 5760 stops using the GlobalSign cert and starts giving clients the IOS-self-signed cert when they try to authenticate.

a "show crypto pki trustpoints" shows the certs GlobalSign certs are still there. The time is correct on the controller and the certs are valid. If I remove the trustpoints (certs) "no crypto pki trustpoint <name>" and paste the certs back in things work again (for a few days). I have two 5760s. The issue is happening on both.

The code version is 03.03.01SE which seems to be very buggy. I have my own bug ID for a different problem and have 3 other tac cases open on this thing. TAC doesn't seem overly knowledgeable when it comes to the 5760, or at least isn't as responsive with a correct answer in a timely fashion.

Is anyone else having a similar problem?

Labels:
0 Helpful
5 Replies 5

Scott Fella
Hall of Fame
Hall of Fame

‎02-11-2014 02:24 PM

Converged access is still pretty new. I'm not surprised that TAC might not have all the answers but eventually when more and more customers start rolling this out even is on the forums can provide more input. I only have few customers who have gone this route and my home lab with the 5760 doesn't do justice:). Good to know that you seem to see that there are issues as I don't have much feed back from my customers. Hopefully TAC can help you with the issues your having.

Sent from Cisco Technical Support iPhone App

-Scott
*** Please rate helpful posts ***
0 Helpful

Kyle Fine
Level 1
Level 1
In response to Scott Fella

‎02-11-2014 03:39 PM

Thanks for the reply Scott!

Just got an email from TAC. They say others are having the same problem. Looks like I might get my second bug ID for this install. If so, I'll post it here.

0 Helpful

Scott Fella
Hall of Fame
Hall of Fame
In response to Kyle Fine

‎02-11-2014 04:22 PM

Sounds good thanks!!! Keep us posted!

Sent from Cisco Technical Support iPhone App

-Scott
*** Please rate helpful posts ***
0 Helpful

patrick.kofler
Level 1
Level 1

‎02-14-2014 01:03 AM

I think we have a similar issue. However it only affects few clients so far, but I cannot say for certain as the average user tends to ignore the certificate warning, continues on and does not open a ticket. As such the actual number could be higher.

When I tried to reproduce the problem I always got the valid certificate shown.

Regards,

Patrick

0 Helpful

Kyle Fine
Level 1
Level 1

‎02-14-2014 04:07 AM

It looks like the following bugs are happening on the controller.

CSCso99119

CSCsj86036

The bugs are for router IOS but since the controller is now IOS based (instead of Airos) they become applicable.

TAC notified me of the bugs, I wouldn't have never thought to look through router bugs.

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card