Buy or Renew
Buy or Renew
Cisco Virtual Engineer generative AI bot now active in Wireless Discussion Forum. Learn more.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Create a new article
3260
Views
0
Helpful
0
Comments

The "Unable to free public key for AP" error message appears in the debug LWAPP events when the MAP does not register with the 4402 WLC

TCC_2
Level 10
Level 10

‎06-22-2009 04:41 PM - edited ‎11-18-2020 02:34 AM

 

 

Introduction

 

 

The Mesh AP 1500 (MAP) MAC address and the Manufactured Installed Certificate (MIC) are not selected under the access point (AP) policy. When this issue occurs, the Unable to free public key for AP error message appears.

 

Thu Jan 26 20:23:27 2006: sshpmGetIssuerHandles: Cert is issued by Cisco Systems.
Thu Jan 26 20:23:27 2006: sshpmGetIssuerHandles: SSC is not allowed by config; 
bailing...
Thu Jan 26 20:23:27 2006: LWAPP Join-Request does not include valid certificate 
in CERTIFICATE_PAYLOAD from AP 00:13:5f:f9:dc:b0.
Thu Jan 26 20:23:27 2006: sshpmFreePublicKeyHandle: called with (nil)
Thu Jan 26 20:23:27 2006: sshpmFreePublicKeyHandle: NULL argument.
Thu Jan 26 20:23:27 2006: Unable to free public key for AP  00:13:5F:F9:DC:B0 
Thu Jan 26 20:23:27 2006: spamDeleteLCB: stats timer not initialized for AP 
00:13:5f:f9:dc:b0
Thu Jan 26 20:23:27 2006: spamProcessJoinRequest : spamDecodeJoinReq failed

Resolution

 

Verify that the Wireless LAN Controller (WLC) time and time zone are correct. Also, add the MAC address of the MAP to the MAC filtering list.

  1. From the GUI, choose WebGUI > Controller > Security, and click MAC filtering under AAA on the left side of the page.
  2. Add the MAC address and the appropriate data, and click Apply.
  3. Choose MIC from the drop-down menu.
  4. Check the self signed cert check box under Security > AP policy.

 

MIC stands for Manufactured Installed Certificate. APs made after December 2005 have a digital certificate installed on them at the factory. APs before this date need to have a Self Signed Certificate (SSC) generated when they are converted to LWAPP.

 

The combination of the AP policies and the MAC filter list is necessary because of Cisco bug ID CSCsf21233. The MAPs must be added to the MAC filter list, but at times, they do not work unless they are added to the AP policy list.

 

Problem Type

Error message

Device cannot register

Client / Device cannot authenticate

 

Products

Access point

Wireless LAN Controllers

Mesh Access Point 1500

 

SW Features

Lightwieght Access Point Protocol (LWAPP)

 

Reference

 

Self-Signed Certificate Manual Addition to the Controller for LWAPP-Converted APs

LWAPP Upgrade Tool Troubleshoot Tips

 

 

0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents