Introduction
This document explains how to recover the SHA1 key hash of an access point (AP) and import it onto the controller.
Core Issue
The Lightweight Access Point Protocol (LWAPP) conversion tool saves a key hash file on the PC running the conversion application.
Resolution
The SHA1 Key Hash can be found in a file stored in Comma-Separated Values (CSV) format in the Upgrade Tool directory. This is an example:
C:\Program File\Cisco Systems\Upgrade Tool
Perform these steps on the controller:
Go to Security > AP Policies > Accept Self Signed Certificate (check box).
Add these under the Access Point (AP) authorization list:
- The MAC address of the AP
- The certificate type
- SHA1 Key Hash (The key can be found in the file stored in CSV format in the Upgrade Tool directory.)
Enable Accept Self Signed Certificate.
More Information
Locate the SHA1 Key Hash
If the computer that performed the AP conversion is available, you can obtain the Secure Hash Algorithm 1 (SHA1) Key Hash from the .csv file that is in the Cisco Upgrade Tool directory. If the .csv file is unavailable, you can issue a debug command on the WLC in order to retrieve the SHA1 Key Hash.
Complete these steps:
Turn on the AP and connect it to the network.
Enable debugging on the WLC command-line interface (CLI).
The command is debug pm pki enable. In the output, the SHA1 Key Hash is the value that follows "SSC Key Hash is".
(Cisco Controller) >debug pm pki enable
Mon May 22 06:34:10 2006: sshpmGetIssuerHandles: getting (old) aes ID cert handle...
Mon May 22 06:34:10 2006: sshpmGetCID: called to evaluate <bsnOldDefaultIdCert>
Mon May 22 06:34:10 2006: sshpmGetCID: comparing to row 0, CA cert
>bsnOldDefaultCaCert<
Mon May 22 06:34:10 2006: sshpmGetCID: comparing to row 1, CA cert
>bsnDefaultRootCaCert<
Mon May 22 06:34:10 2006: sshpmGetCID: comparing to row 2, CA cert
>bsnDefaultCaCert<
Mon May 22 06:34:10 2006: sshpmGetCID: comparing to row 3, CA cert
>bsnDefaultBuildCert<
Mon May 22 06:34:10 2006: sshpmGetCID: comparing to row 4, CA cert
>cscoDefaultNewRootCaCert<
Mon May 22 06:34:10 2006: sshpmGetCID: comparing to row 5, CA cert
>cscoDefaultMfgCaCert<
Mon May 22 06:34:10 2006: sshpmGetCID: comparing to row 0, ID cert
>bsnOldDefaultIdCert<
Mon May 22 06:34:10 2006: sshpmGetIssuerHandles: Calculate SHA1 hash on Public Key
Data
Mon May 22 06:34:10 2006: sshpmGetIssuerHandles: Key Data 30820122 300d0609
2a864886 f70d0101
Mon May 22 06:34:10 2006: sshpmGetIssuerHandles: Key Data 01050003 82010f00
3082010a 02820101
Mon May 22 06:34:10 2006: sshpmGetIssuerHandles: Key Data 00c805cd 7d406ea0
cad8df69 b366fd4c
Mon May 22 06:34:10 2006: sshpmGetIssuerHandles: Key Data 82fc0df0 39f2bff7
ad425fa7 face8f15
Mon May 22 06:34:10 2006: sshpmGetIssuerHandles: Key Data f356a6b3 9b876251
43b95a34 49292e11
Mon May 22 06:34:10 2006: sshpmGetIssuerHandles: Key Data 038181eb 058c782e
56f0ad91 2d61a389
Mon May 22 06:34:10 2006: sshpmGetIssuerHandles: Key Data f81fa6ce cd1f400b
b5cf7cef 06ba4375
Mon May 22 06:34:10 2006: sshpmGetIssuerHandles: Key Data dde0648e c4d63259
774ce74e 9e2fde19
Mon May 22 06:34:10 2006: sshpmGetIssuerHandles: Key Data 0f463f9e c77b79ea
65d8639b d63aa0e3
Mon May 22 06:34:10 2006: sshpmGetIssuerHandles: Key Data 7dd485db 251e2e07
9cd31041 b0734a55
Mon May 22 06:34:14 2006: sshpmGetIssuerHandles: Key Data 463fbacc 1a61502d
c54e75f2 6d28fc6b
Mon May 22 06:34:14 2006: sshpmGetIssuerHandles: Key Data 82315490 881e3e31
02d37140 7c9c865a
Mon May 22 06:34:14 2006: sshpmGetIssuerHandles: Key Data 9ef3311b d514795f
7a9bac00 d13ff85f
Mon May 22 06:34:14 2006: sshpmGetIssuerHandles: Key Data 97e1a693 f9f6c5cb
88053e8b 7fae6d67
Mon May 22 06:34:14 2006: sshpmGetIssuerHandles: Key Data ca364f6f 76cf78bc
bc1acc13 0d334aa6
Mon May 22 06:34:14 2006: sshpmGetIssuerHandles: Key Data 031fb2a3 b5e572df
2c831e7e f765b7e5
Mon May 22 06:34:14 2006: sshpmGetIssuerHandles: Key Data fe64641f de2a6fe3
23311756 8302b8b8
Mon May 22 06:34:14 2006: sshpmGetIssuerHandles: Key Data 1bfae1a8 eb076940
280cbed1 49b2d50f
Mon May 22 06:34:14 2006: sshpmGetIssuerHandles: Key Data f7020301 0001
Mon May 22 06:34:14 2006: sshpmGetIssuerHandles: SSC Key Hash is
9e4ddd8dfcdd8458ba7b273fc37284b31a384eb9
Mon May 22 06:34:14 2006: LWAPP Join-Request MTU path from AP 00:0e:84:32:04:f0
is 1500, remote debug mode is 0
Mon May 22 06:34:14 2006: spamRadiusProcessResponse: AP Authorization failure for
00:0e:84:32:04:f0
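The following added example (not part of the original document) shows one way to pull the AP MAC address and SSC key hash out of saved debug pm pki enable output. It rejoins the wrapped lines and rejects malformed values before they are entered in the AP authorization list. The function names are hypothetical, the sample lines are taken from the output above, and pairing each hash with the next authorization failure assumes the record order shown there.

```python
import re

# Excerpt of the debug output shown above, wrapped as the terminal printed it.
SAMPLE = """\
Mon May 22 06:34:14 2006: sshpmGetIssuerHandles: SSC Key Hash is
9e4ddd8dfcdd8458ba7b273fc37284b31a384eb9
Mon May 22 06:34:14 2006: LWAPP Join-Request MTU path from AP 00:0e:84:32:04:f0
is 1500, remote debug mode is 0
Mon May 22 06:34:14 2006: spamRadiusProcessResponse: AP Authorization failure for
00:0e:84:32:04:f0
"""

# Each debug record starts with a timestamp such as "Mon May 22 06:34:14 2006: ".
RECORD_START = re.compile(r"^[A-Z][a-z]{2} [A-Z][a-z]{2} [ \d]\d \d\d:\d\d:\d\d \d{4}: ")
SSC_HASH = re.compile(r"SSC Key Hash is\s+(\S+)")
AUTH_FAIL = re.compile(r"AP Authorization failure for\s+(\S+)")
MAC = re.compile(r"^(?:[0-9a-f]{2}:){5}[0-9a-f]{2}$")
SHA1_HEX = re.compile(r"^[0-9a-f]{40}$")


def unwrap(debug_text):
    """Rejoin records that were wrapped onto a second line."""
    records = []
    for line in filter(None, map(str.strip, debug_text.splitlines())):
        if RECORD_START.match(line) or not records:
            records.append(line)
        else:
            records[-1] += " " + line
    return records


def ssc_entries(debug_text):
    """Return (ap_mac, sha1_key_hash) pairs for APs that failed authorization."""
    entries, pending_hash = [], None
    for record in unwrap(debug_text):
        if m := SSC_HASH.search(record):
            pending_hash = m.group(1).lower()
        elif (m := AUTH_FAIL.search(record)) and pending_hash:
            mac = m.group(1).lower()
            # Assumption: the failure record follows the hash of the same AP.
            # Drop truncated or mangled values instead of passing them on.
            if MAC.match(mac) and SHA1_HEX.match(pending_hash):
                entries.append((mac, pending_hash))
            pending_hash = None
    return entries


if __name__ == "__main__":
    for mac, key_hash in ssc_entries(SAMPLE):
        print(mac, key_hash)
```

Compare the extracted MAC address with the AP you expect to be joining before you add the pair to the authorization list.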
Problem Type
Upgrade
Products
Wireless LAN Controllers
4400 Series
2000 Series
Additional Information
Self-Signed Certificate Manual Addition to the Controller for LWAPP-Converted APs