5508 LSC/CA Server/CA server URL

james.betts · ‎09-17-2013

I'm trying to implement certificate authentication between my access points and my 5508.

In one document I read that a Cisco router equipped with the Security release software could act as a CA. I had such a router and followed the instructions to set up the CA on this router. When I had completed this, I noted that the CA could be accessed via http://router/cgi-bin/pkiclient.exe with a query string following the URL.

In trying to get my 5508 to use the new CA, I tried a variety of different entries in the "CA server URL" field, but no matter what I used, it didn't work correctly, the access points would print the message "LSC CA cert successfully imported" several times, and then reboot about once every 10 minutes. If I unchecked "Enable LSC on Controller" the access points would operate correctly.

Any suggestions on where I should look? I've looked high and low for documentation on the value of the "CA server URL" and have found examples showing how to interface to MS CA, but not to IOS CA.

Thanks,

Jim

AP output:

*Sep 17 14:30:21.407: %CLEANAIR-6-STATE: Slot 0 disabled
*Sep 17 14:30:21.407: %CLEANAIR-6-STATE: Slot 1 disabled
*Sep 17 14:31:11.175: %DOT11-6-DFS_SCAN_COMPLETE: DFS scan complete on frequency 5320 MHz
LSC CA cert successfully imported
LSC CA cert successfully imported
LSC CA cert successfully imported
LSC CA cert successfully imported
LSC CA cert successfully imported

Writing out the event log to flash:/event.log ...
*Sep 17 14:43:18.071: %SYS-5-RELOAD: Reload requested by LWAPP CLIENT. Reload Reason: LSC Provision max retries.
*Sep 17 14:43:18.071: %LWAPP-5-CHANGED: CAPWAP changed state to DOWN

Alexey Belousov · ‎04-08-2017

Hello,

try to debug, i think, scep is not working . http://www.cisco.com/c/en/us/support/docs/wireless/4400-series-wireless-lan-controllers/110141-loc-sig-cert.pdf