WLC software version: 184.108.40.206
I want to use the LetsEncrypt Wildcard on WLC Web Authentication Certificate
But when I upload thie file, it always says that "File Transfer Failed.
Seeing the message logs, it pop out that
*TransferTask: Feb 20 04:10:30.378: %UPDATE-3-CERT_INST_FAIL: updcode.c:2754 Failed to install certificate. rc = 1
I am not sure if there is anything mistake on my certificate
I just following the tutorial to generate the final.pem
LetsEncrypt provides cert.pem, chain.pem, fullchain.pem, privkey.pem
And I go to there homepage and download it's Intermediate CA certificate (IdenTrust cross-signed) and Root CA certificate(ISRG Root X1)
I have tried combine with cert.pem or fullchain.pem to generate the final.pem , but I still get the error.
The command like ..
$ cat cert.pem Intermediate CA certificate (IdenTrust cross-signed) Root CA certificate(ISRG Root X1) > all.pem
$ cat fullchain.pem Intermediate CA certificate (IdenTrust cross-signed) Root CA certificate(ISRG Root X1) > all.pem
$openssl> pkcs12 –export -in all.pem -inkey privkey.pem –out All–certs.p12 -clcerts -passin pass:check123 -passout pass:check123
$openssl> pkcs12 –in all.p12 –out final.pem -passin pass:check123 –passout pass:check123
I have no idea what the problem is, maybe the software version too old or openssl version no match?
Many thanks for any suggestion,
What version of openssl are you using:
Note: OpenSSL Version 0.9.8 is the recommended version for old WLC releases; however, as of Version 7.5, support for OpenSSL Version 1.0 was also added (refer to Cisco bug ID CSCti65315 - Need Support for certificates generated using OpenSSL v1.0) and is the recommended version to use. OpenSSL 1.1 works was also tested and works great on 8.x and later WLC releases.
I'm guessing the issue is that the chaining hasn't been done correctly make sure you are following all steps in the Cisco document you referenced
Hi Haydn Andrews,
On the Web Auth Server, my openssl version is OpenSSL 1.0.2k-freebsd 26 Jan 2017
WLC software version is 220.127.116.11
It seems that the version of WLC and openssl is fine?
I have followed the document of cisco wlc ( part 3rd party )
just the same as the picture below
Am I using the wrong certificate on letsencrypt to combine All-certs.pem?
Many thanks for your help,
Letsencrypt is not supported on the WLC's as you need a web server to support these services. This is due to the fact that the server needs to be able to communicate with letsencrypt to update it's certificate on an occurring basis.
<<< Please help the community by marking useful posts helpful, or accept as a solution if it resolved your issue >>>