cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
6747
Views
5
Helpful
4
Replies

Install GoDaddy wildcard SSL on WLC 2504 conroller

Seth Bjorn
Level 1
Level 1

I'm attempting to install a GoDaddy wildcard ssl certificate onto a WLC 2504 running version 7.4.100.0.

I am getting the error "#SSHPM-3-KEYED_PEM_DECODE_FAILED: sshpmcert.c:4055 Cannot PEM decode private key" when downloading the .pem file to the controller.

What I have attempted to do was to export the certificate from a Windows 2008 R2 server into a .pfx file. The file contained the private key and all possible root certficates (in this case a root and a intermediate cert). Now I took this .pfx file and attempted to create a .pem file with openssl using the following command: openssl pkcs12 -in myssl.pfx -out mynewssl.pem -passin pass:mypassword -passout pass:mypassword

Now I have opened the .pem file and verified it does contain the private key and the three certificates (wildcard, intermediate and root).

1 Accepted Solution

Accepted Solutions

Kenneth Sharp
Level 1
Level 1

Seth,

I had a similar problem, and saw the solution in another post on this forum.  I am cross-posting this to help anyone else out there who might be searching for this answer.

Kudos to Robert Wells for finding this:

"I have it fixed now. The problem was the cisco only supports openssl 0.9.8x. I was using 1.0.1c. I used 0.9.8x and it worked perfectly fine."

The Windows version of OpenSSL I used was the 0.9.8y Light version from:

http://slproweb.com/download/Win32OpenSSL_Light-0_9_8y.exe

I hope this helps someone out there with this problem.

   - Ken

View solution in original post

4 Replies 4

David Watkins
Level 4
Level 4

Did you specify the certificate "password" you used on the 2504 WLC before downloading it?

When you combined the chained cert did you use the order device/wildcard, intermediate, root?

I'm not sure what you meen about exporting this from 2008 R2 if you created a CSR that GoDaddy signed; when did 2008 come in to play?

If you're following all of these steps you "should" be fine.  http://www.cisco.com/en/US/products/ps6366/products_configuration_example09186a0080a77592.shtml

Password was specified both in creating the file and on the WLC when uploading.

As stated in the OP, opening the .pem file shows the certs lined up from top to bottom as wildcard/device then intermediate, then root.

Win2008 comes into the picture because I did not generate a CSR on the wlc because I want to reuse an existing wildcard cert I have on said Win2008 machine. From the Win2008 machine I exported the entire chain and private key using a .pfx file. I used openssl to convert that to a pem file with the command in the OP.

Kenneth Sharp
Level 1
Level 1

Seth,

I had a similar problem, and saw the solution in another post on this forum.  I am cross-posting this to help anyone else out there who might be searching for this answer.

Kudos to Robert Wells for finding this:

"I have it fixed now. The problem was the cisco only supports openssl 0.9.8x. I was using 1.0.1c. I used 0.9.8x and it worked perfectly fine."

The Windows version of OpenSSL I used was the 0.9.8y Light version from:

http://slproweb.com/download/Win32OpenSSL_Light-0_9_8y.exe

I hope this helps someone out there with this problem.

   - Ken

ron.wilkerson
Level 1
Level 1

I had issues using openssl.

Open a TAC case and they'll combine the cert for you and you just install it.

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: