Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation

Who Me Too'd this topic

Web authentication SSL certificate issue - 4402 vs 2504

Gunter
Level 1
Level 1

‎06-09-2017 03:09 PM - edited ‎07-05-2021 07:11 AM

Hello Everyone

I have a problem with upload new SSL certificate to my anchor WLC. Controller is old - 4402 with the newest available software. During the download certificate I get en error - from the GUI I get information "File transfer failed!" but this is not true because file was downloaded correctly. I've check what I can got from the CLI - I enabled debugging to have better overview what is going one - this is what I got:

(anchor) >transfer download start

Mode............................................. TFTP
Data Type........................................ Site Cert
TFTP Server IP................................... 10.70.164.136
TFTP Packet Timeout.............................. 6
TFTP Max Retries................................. 10
TFTP Path........................................ /
TFTP Filename.................................... finall-all-certs-oneyear2017.pem

This may take some time.
Are you sure you want to start? (y/N) y
*TransferTask: Jun 09 20:26:05.920: Memory overcommit policy changed from 0 to 1
*TransferTask: Jun 09 20:26:06.066: RESULT_STRING: TFTP Webauth cert transfer starting.
TFTP Webauth cert transfer starting.
*TransferTask: Jun 09 20:26:06.067: RESULT_CODE:1
*emWeb: Jun 09 20:26:08.921: Still waiting!  Status = 2
*TransferTask: Jun 09 20:26:10.072: Locking tftp semaphore, pHost=10.70.164.136 pFilename=/finall-all-certs-oneyear2017.pem
*TransferTask: Jun 09 20:26:10.073: Semaphore locked, now unlocking, pHost=10.70.164.136 pFilename=/finall-all-certs-oneyear2017.pem
*TransferTask: Jun 09 20:26:10.073: Semaphore successfully unlocked, pHost=10.70.164.136 pFilename=/finall-all-certs-oneyear2017.pem
*TransferTask: Jun 09 20:26:10.074: TFTP: Binding to local=0.0.0.0 remote=10.70.164.136
*TransferTask: Jun 09 20:26:10.113: TFP End: 7746 bytes transferred (0 retransmitted packets)
*TransferTask: Jun 09 20:26:10.114: tftp rc=0, pHost=10.70.164.136 pFilename=/finall-all-certs-oneyear2017.pem
                                                                                                                   pLocalFilename=cert.p12
*TransferTask: Jun 09 20:26:10.114: RESULT_STRING: TFTP receive complete... Installing Certificate.
*TransferTask: Jun 09 20:26:10.115: RESULT_CODE:13

TFTP receive complete... Installing Certificate.
*emWeb: Jun 09 20:26:11.920: Still waiting!  Status = 2
*TransferTask: Jun 09 20:26:14.115: Adding cert (7682 bytes) with certificate key password.
*TransferTask: Jun 09 20:26:14.118: sshpmAddWebauthCert: Extracting private key from webauth cert and using bundled pkcs12 password.
*TransferTask: Jun 09 20:26:14.123: sshpmDecodePrivateKey: private key decode failed...
*TransferTask: Jun 09 20:26:14.126: sshpmAddWebauthCert: key extraction failed.
*TransferTask: Jun 09 20:26:14.127: RESULT_STRING: Error installing certificate.
*TransferTask: Jun 09 20:26:14.127: RESULT_CODE:12
*TransferTask: Jun 09 20:26:14.127: ummounting: <umount /mnt/download/ >/dev/null 2>&1>  cwd  = /mnt/application
*TransferTask: Jun 09 20:26:14.172: finished umounting
*TransferTask: Jun 09 20:26:14.434: Memory overcommit policy restored from 1 to 0

Error installing certificate.

It's look like there is a problem with private key but when I download this certificate to 2504 with the code 8.0.x there is no problem at all

This is what I got on the 2504:

(test) >transfer download start

Mode............................................. TFTP
Data Type........................................ Site Cert
TFTP Server IP................................... 10.70.164.136
TFTP Packet Timeout.............................. 6
TFTP Max Retries................................. 10
TFTP Path........................................ /
TFTP Filename.................................... finall-all-certs-oneyear2017.pem

This may take some time.
Are you sure you want to start? (y/N) y
*TransferTask: Jun 09 16:31:55.295: Memory overcommit policy changed from 0 to 1
*TransferTask: Jun 09 16:31:55.295: RESULT_STRING: TFTP Webauth cert transfer starting.
TFTP Webauth cert transfer starting.
*TransferTask: Jun 09 16:31:55.295: RESULT_CODE:1
*TransferTask: Jun 09 16:31:59.297: Locking tftp semaphore, pHost=10.70.164.136 pFilename=/finall-all-certs-oneyear2017.pem
*TransferTask: Jun 09 16:31:59.381: Semaphore locked, now unlocking, pHost=10.70.164.136 pFilename=/finall-all-certs-oneyear2017.pem
*TransferTask: Jun 09 16:31:59.381: Semaphore successfully unlocked, pHost=10.70.164.136 pFilename=/finall-all-certs-oneyear2017.pem
*TransferTask: Jun 09 16:31:59.382: TFTP: Binding to remote=10.70.164.136
*TransferTask: Jun 09 16:31:59.889: TFP End: 7746 bytes transferred (0 retransmitted packets)
*TransferTask: Jun 09 16:31:59.889: tftp rc=0, pHost=10.70.164.136 pFilename=/finall-all-certs-oneyear2017.pem
                                                                                                                   pLocalFilename=cert.p12
*TransferTask: Jun 09 16:31:59.890: RESULT_STRING: TFTP receive complete... Installing Certificate.
TFTP receive complete... Installing Certificate.
*TransferTask: Jun 09 16:31:59.890: RESULT_CODE:13
*TransferTask: Jun 09 16:32:03.894: Adding cert (7682 bytes) with certificate key password.
*TransferTask: Jun 09 16:32:09.043: RESULT_STRING: Certificate installed.
                                                                           Reboot the switch to use new certificate.
*TransferTask: Jun 09 16:32:09.043: RESULT_CODE:11

Certificate installed.

Do you have any idea what's going on? I will be appreciated for your answers.

1 person had this problem
Labels:
0 Helpful
Who Me Too'd this topic