04-17-2014 07:33 PM - edited 07-05-2021 12:42 AM
Good Day,
I tried to load a 3rd party certificate to a pair of 5508s last night.
The tftp transfer was successful, but the controllers failed to install the certificate.
I ran debug transfer all enable and could see that I received ERROR_CODE:12 each time.
Just wondering if anyone has come across this and what they did to correct it.
thanks very much
regards
amanda
04-21-2014 01:17 AM
CLI commands to load the certificate into the controller
transfer download serverip <IP of server>
transfer download datatype webauthcert
transfer download filename <cert filename>
transfer download mode tftp
debug transfer tftp enable
transfer download start
Please reboot the controller once
04-21-2014 02:36 PM
Hi Amanda,
It looks to me like an unsupported OpenSSL version was used for the certificate request.
I had the same or a similar issue. In the Cisco documentation you can find the following note:
Note: OpenSSL 0.9.8 is required as the WLC does not currently support OpenSSL 1.0.
Hope this helps.
K.
04-24-2014 06:30 PM
I have the same problem even with OpenSSL 0.9.8. The result is always error code 12.
04-29-2014 11:31 PM
Hi K,
The cert was generated by my colleague, but he is using SSL 0.9.8.
As a point of interest, I had a chained certificate.
As I understand it, chained certificates are not compatible with the Wireless Controllers for the web administration page.
I think that is my problem.
This leads to a new question.
I wonder if I can use an intermediate certificate or a wildcard certificate on the server.
All of the PCs have a company certificate on them due to the fact that we are using dot1x on the wired network.
Any ideas?
Thanks
04-30-2014 12:01 AM
I believe you can split up the chained certificate into separate ones and then install first the root, then all intermediates, and last the machine certificate. I think it worked that way when I did it once on a 4404 controller.
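Added example, not part of the thread and not Cisco tooling: a Python sketch of the split described in the reply above, which breaks a chained PEM into its certificates and returns them root first, then intermediates, then the machine certificate. The function names are hypothetical, and it assumes the bundle holds exactly one self-issued root and a single unbranched chain.

```python
import base64
import re
import ssl

PEM_RE = re.compile(r"-----BEGIN CERTIFICATE-----(.+?)-----END CERTIFICATE-----", re.S)

def read_tlv(buf, pos):
    """Read one DER element at pos; return (tag, value_start, value_end)."""
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:  # long form: low 7 bits give the number of length bytes
        n = length & 0x7F
        length = int.from_bytes(buf[pos:pos + n], "big")
        pos += n
    return tag, pos, pos + length

def issuer_subject(der):
    """Return the raw DER issuer and subject Name of one X.509 certificate."""
    _, pos, _ = read_tlv(der, 0)        # Certificate SEQUENCE
    _, pos, _ = read_tlv(der, pos)      # TBSCertificate SEQUENCE
    tag, _, end = read_tlv(der, pos)    # [0] version (optional) or serialNumber
    if tag == 0xA0:
        tag, _, end = read_tlv(der, end)        # serialNumber
    _, _, pos = read_tlv(der, end)      # skip signature AlgorithmIdentifier
    _, _, iss_end = read_tlv(der, pos)          # issuer Name
    _, _, val_end = read_tlv(der, iss_end)      # validity
    _, _, sub_end = read_tlv(der, val_end)      # subject Name
    return der[pos:iss_end], der[val_end:sub_end]

def split_chain(pem_text):
    """Return every certificate in a PEM bundle as DER bytes, in file order."""
    return [base64.b64decode(b) for b in PEM_RE.findall(pem_text)]

def order_root_first(ders):
    """Sort DER certificates root -> intermediates -> machine certificate.
    Links are found by comparing issuer and subject bytes only; this is an
    ordering aid and does not verify any signature."""
    names = [issuer_subject(d) for d in ders]
    order = [i for i, (iss, sub) in enumerate(names) if iss == sub]
    if len(order) != 1:
        raise ValueError("expected one self-issued root, found %d" % len(order))
    remaining = set(range(len(ders))) - set(order)
    while remaining:
        parent = names[order[-1]][1]
        nxt = [i for i in remaining if names[i][0] == parent]
        if len(nxt) != 1:
            raise ValueError("chain breaks or branches after %d certs" % len(order))
        order.append(nxt[0])
        remaining.discard(nxt[0])
    return [ders[i] for i in order]

def root_first_pem(pem_text):
    return [ssl.DER_cert_to_PEM_cert(d) for d in order_root_first(split_chain(pem_text))]
```

A `ValueError` here means the bundle is missing a certificate or contains an unrelated one, which is worth ruling out before another transfer attempt.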
04-30-2014 12:01 AM
Hi,
The WLC supports chained certificates, as you can read here. I'm also using them ....
With version 5.1.151.0 and later, the WLCs support chained certificates for web authentication. Web authentication certificates can be any of these:
Chained
Unchained
Autogenerated
Refer to Generate CSR for Third-Party Certificates and Download Chained Certificates to the WLC for information on how to use Chained certificates on WLC.
Greets
Karel