Buy or Renew
Buy or Renew
Register Here! - Join us 11/13 for the "Navigating DHCP Processes in SD-Access Network" Community Live event
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
168
Views
2
Helpful
2
Replies

PKI Config push Failed when provisioning WLC from DNAC

Go to solution
JustTakeTheFirstStep
Level 4
Level 4

‎03-03-2025 07:52 PM - edited ‎03-03-2025 07:54 PM

JustTakeTheFirstStep_1-1741058688848.png

PKI Config push Failed when provisioning WLC from DNAC

 

WLC#ter mo
Mar  4 01:31:42.745: %PKI-3-PKCS12_IMPORT_FAILURE: PKCS #12 import failed for trustpoint: sdn-network-infra-wan. Reason: Failed to read PKCS12 from url: https://20.20.20.20/api/v1/trust-point/pkcs12/c8fbfbbc-4167-4b1e-9db7-2cc6f7121654/s301auh4v3aiiv8n9l6ocbll0i
Mar  4 01:31:42.748: %PKI-6-TRUSTPOINT_DELETE: Trustpoint: sdn-network-infra-iwan deleted succesfully

 

The status of netconf is no problem.

 

WLC#show netconf-yang status
netconf-yang: enabled
netconf-yang candidate-datastore: disabled
netconf-yang side-effect-sync: enabled
netconf-yang ssh port: 830

DNAC$ ssh -l admin 10.10.10.10 -p 830
FIPS mode initialized
admin@10.10.10.10's password: 
<?xml version="1.0" encoding="UTF-8"?>
<hello xmlns="urn:ietf:params:xml:ns:netconf:base:1.0">
<capabilities>

 

Does anyone know of a workaround?

Labels:
0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
Andrii Oliinyk
VIP
VIP

‎03-03-2025 11:35 PM

i'd say w/a would be upload certificate from WLC UI instead of DNAC.
but in your output there is one concerning thing: 

https://20.20.20.20/api/v1/trust-point/pkcs12/c8fbfbbc-4167-4b1e-9db7-2cc6f7121654/s301auh4v3aiiv8n9l6ocbll0i

 is it possible that HTTPS from WLC to that URL simply fails? 

View solution in original post

2 Replies 2

Go to solution
Andrii Oliinyk
VIP
VIP

‎03-03-2025 11:35 PM

i'd say w/a would be upload certificate from WLC UI instead of DNAC.
but in your output there is one concerning thing: 

https://20.20.20.20/api/v1/trust-point/pkcs12/c8fbfbbc-4167-4b1e-9db7-2cc6f7121654/s301auh4v3aiiv8n9l6ocbll0i

 is it possible that HTTPS from WLC to that URL simply fails? 

Go to solution
JustTakeTheFirstStep
Level 4
Level 4
In response to Andrii Oliinyk

‎03-06-2025 05:38 AM - edited ‎03-06-2025 05:38 AM

 

Fusion#telnet 20.20.20.20 443                 
Trying 20.20.20.20, 443 ... 
% Destination unreachable; gateway or host down

 

The port was being denied by the firewall.
After permitting the port on the firewall, everything is fine.
Thanks for your help.

0 Helpful
Customers Also Viewed These Support Documents

Review Cisco Networking for a $25 gift card