Hello,
we set up a new C9800 Cluster with version 17.3.1.
We configured DNS Option 43 and a Trustpoint on our WLAN MGMT. NTP on the controller is set.
But the AP is still not joining the WLC.
We see following output in the AP:
[*10/29/2020 07:34:36.9839] CAPWAP State: Discovery
[*10/29/2020 07:34:36.9849] Got WLC address 10.127.0.5 from DHCP.
[*10/29/2020 07:34:36.9849] IP DNS query for CISCO-CAPWAP-CONTROLLER.xxx
[*10/29/2020 07:34:36.9929] Discovery Request sent to 10.127.0.5, discovery type DHCP(2)
[*10/29/2020 07:34:36.9939] Discovery Request sent to 255.255.255.255, discovery type UNKNOWN(0)
[*10/29/2020 07:34:36.9949] Discovery Response from 10.127.0.5
[*10/29/2020 07:34:36.9959] Discovery Response from 10.127.0.5
[*10/29/2020 07:34:46.0000]
[*10/29/2020 07:34:46.0000] CAPWAP State: DTLS Setup
[*10/29/2020 07:34:46.3440] dtls_process_packet: DTLS Error: 1046
[*10/29/2020 07:34:46.3440] dtls_process_packet: The controller shut down the DTLS connection.
[*10/29/2020 07:34:46.3440] dtls_process_packet: Please verify that the AP certificate is valid and has not expired.
on WLC:
Oct 29 08:54:41.841 MET: %CAPWAPAC_SMGR_TRACE_MESSAGE-5-AP_JOIN_DISJOIN: Chassis 2 R0/0: wncd: AP Event: Session-IP:10.127.2.24[5257] CAPWAP DTLS session closed for AP, cause: DTLS handshake error
Oct 29 08:54:41.841 MET: %DTLS_TRACE_MSG-3-EWLC_DTLS_ERR: Chassis 2 R0/0: wncd: DTLS Error, session:10.127.2.24[5257] Mac:a488.7385.7e00, Certificate validation failed
Oct 29 08:54:41.841 MET: %CERT_MGR_ERRMSG-3-CERT_VALIDATION_ERR: Chassis 2 R0/0: wncd: Certificate Validation Error, Cert validation status:pki_ssl_status@pki_ssl_status:PKI_SSL_ERROR
I see, there is some problem with the certificate. Has anyone a idea how to solve it?
