
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
03-03-2025 07:52 PM - edited 03-03-2025 07:54 PM
PKI Config push Failed when provisioning WLC from DNAC
WLC#ter mo
Mar 4 01:31:42.745: %PKI-3-PKCS12_IMPORT_FAILURE: PKCS #12 import failed for trustpoint: sdn-network-infra-wan. Reason: Failed to read PKCS12 from url: https://20.20.20.20/api/v1/trust-point/pkcs12/c8fbfbbc-4167-4b1e-9db7-2cc6f7121654/s301auh4v3aiiv8n9l6ocbll0i
Mar 4 01:31:42.748: %PKI-6-TRUSTPOINT_DELETE: Trustpoint: sdn-network-infra-iwan deleted succesfully
The status of netconf is no problem.
WLC#show netconf-yang status
netconf-yang: enabled
netconf-yang candidate-datastore: disabled
netconf-yang side-effect-sync: enabled
netconf-yang ssh port: 830
DNAC$ ssh -l admin 10.10.10.10 -p 830
FIPS mode initialized
admin@10.10.10.10's password:
<?xml version="1.0" encoding="UTF-8"?>
<hello xmlns="urn:ietf:params:xml:ns:netconf:base:1.0">
<capabilities>
Does anyone know of a workaround?
Solved! Go to Solution.
- Labels:
-
SD-Access
Accepted Solutions
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
03-03-2025 11:35 PM
i'd say w/a would be upload certificate from WLC UI instead of DNAC.
but in your output there is one concerning thing:
https://20.20.20.20/api/v1/trust-point/pkcs12/c8fbfbbc-4167-4b1e-9db7-2cc6f7121654/s301auh4v3aiiv8n9l6ocbll0i
is it possible that HTTPS from WLC to that URL simply fails?
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
03-03-2025 11:35 PM
i'd say w/a would be upload certificate from WLC UI instead of DNAC.
but in your output there is one concerning thing:
https://20.20.20.20/api/v1/trust-point/pkcs12/c8fbfbbc-4167-4b1e-9db7-2cc6f7121654/s301auh4v3aiiv8n9l6ocbll0i
is it possible that HTTPS from WLC to that URL simply fails?
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
03-06-2025 05:38 AM - edited 03-06-2025 05:38 AM
Fusion#telnet 20.20.20.20 443
Trying 20.20.20.20, 443 ...
% Destination unreachable; gateway or host down
The port was being denied by the firewall.
After permitting the port on the firewall, everything is fine.
Thanks for your help.
