Introduction
The Mesh AP 1500 (MAP) MAC address and the Manufactured Installed Certificate (MIC) are not selected under the access point (AP) policy. When this issue occurs, the Unable to free public key for AP error message appears.
Thu Jan 26 20:23:27 2006: sshpmGetIssuerHandles: Cert is issued by Cisco Systems.
Thu Jan 26 20:23:27 2006: sshpmGetIssuerHandles: SSC is not allowed by config;
bailing...
Thu Jan 26 20:23:27 2006: LWAPP Join-Request does not include valid certificate
in CERTIFICATE_PAYLOAD from AP 00:13:5f:f9:dc:b0.
Thu Jan 26 20:23:27 2006: sshpmFreePublicKeyHandle: called with (nil)
Thu Jan 26 20:23:27 2006: sshpmFreePublicKeyHandle: NULL argument.
Thu Jan 26 20:23:27 2006: Unable to free public key for AP 00:13:5F:F9:DC:B0
Thu Jan 26 20:23:27 2006: spamDeleteLCB: stats timer not initialized for AP
00:13:5f:f9:dc:b0
Thu Jan 26 20:23:27 2006: spamProcessJoinRequest : spamDecodeJoinReq failed
Resolution
Verify that the Wireless LAN Controller (WLC) time and time zone are correct. Also, add the MAC address of the MAP to the MAC filtering list.
- From the GUI, choose WebGUI > Controller > Security, and click MAC filtering under AAA on the left side of the page.
- Add the MAC address and the appropriate data, and click Apply.
- Choose MIC from the drop-down menu.
- Check the self signed cert check box under Security > AP policy.
MIC stands for Manufactured Installed Certificate. APs made after December 2005 have a digital certificate installed on them at the factory. APs before this date need to have a Self Signed Certificate (SSC) generated when they are converted to LWAPP.
The combination of the AP policies and the MAC filter list is necessary because of Cisco bug ID CSCsf21233. The MAPs must be added to the MAC filter list, but at times, they do not work unless they are added to the AP policy list.
Problem Type
Error message
Device cannot register
Client / Device cannot authenticate
Products
Access point
Wireless LAN Controllers
Mesh Access Point 1500
SW Features
Lightwieght Access Point Protocol (LWAPP)
Reference
Self-Signed Certificate Manual Addition to the Controller for LWAPP-Converted APs
LWAPP Upgrade Tool Troubleshoot Tips