
Uploading 3rd party certificate to 5508 (ver7.4) fails

alalli
Level 2

Good Day,

 

I tried to load a 3rd party certificate to a pair of 5508s last night.

The tftp transfer was successful, but the controllers failed to install the certificate.

I ran debug transfer all enable and could see that I received ERROR_CODE:12 each time.

 

Just wondering if anyone has come across this and what they did to correct it.

 

 

thanks very much

 

regards

 

amanda

 

Accepted Solutions

Saurav Lodh
Level 7

CLI commands to load the certificate into the controller

 

transfer download serverip <IP of server>

transfer download datatype webauthcert

transfer download filename <cert filename>

transfer download mode tftp

debug transfer tftp enable

transfer download start

 

Please reboot the controller once

6 Replies

Karel Navratil
Level 1

Hi Amanda,

 

It looks to me like an unsupported OpenSSL version was used for the certificate request.

I had the same or similar issue, in the Cisco documentation you can find the following note:

 

Note: OpenSSL 0.9.8 is required as the WLC does not currently support OpenSSL 1.0.

 

Hope this helps.

 

K.

I have the same problem even with OpenSSL 0.9.8. The result is always error code 12. 

Hi K,

 

The cert was generated by my colleague, but he is using SSL 0.9.8.

As a point of interest, I had a chained certificate.

As I understand it, chained certificates are not compatible with the Wireless Controllers for the web administration page.

 

I think that is my problem.

 

This leads to a new question.

I wonder if I can use an intermediate certificate or a wildcard certificate on the server.

All of the PCs have a company certificate on them due to the fact that we are using dot1x on the wired network.

 

any ideas?

 

thanks

 

I believe you can split the chained certificate up into separate ones and then install the root first, then all intermediates, and the machine certificate last. I think it worked that way when I did it once on a 4404 controller.

Hi,

WLC supports chained certificates, as you can read here. I'm also using them ....

 

With version 5.1.151.0 and later, the WLCs support chained certificates for web authentication. Web authentication certificates can be any of these:

  • Chained

  • Unchained

  • Autogenerated

Refer to Generate CSR for Third-Party Certificates and Download Chained Certificates to the WLC for information on how to use Chained certificates on WLC.

 

Greets

 

Karel
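
An added example, not part of any reply in this thread and not Cisco code: a Python pre-flight check that reads a PEM bundle and works out, from issuer and subject names, which certificate is the device certificate, which are intermediates and which is the root. It applies whether the chain is split into separate files or uploaded as one chained file; the function names and the sample certificates (`chain_order`, `sample_cert`, `BUNDLE`) are constructed for illustration.

```python
import base64, re
PEM_RE = re.compile(r"-----BEGIN CERTIFICATE-----(.+?)-----END CERTIFICATE-----", re.S)

def tlv(buf, pos):
    """Parse one DER element at pos; return (tag, value_start, value_end)."""
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:                        # long form: next n bytes hold the length
        n = length & 0x7F
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    return tag, pos, pos + length

def issuer_subject(der):
    """Return the raw DER issuer and subject Names of one X.509 certificate."""
    _, cert_start, _ = tlv(der, 0)           # outer Certificate SEQUENCE
    _, pos, end = tlv(der, cert_start)       # tbsCertificate SEQUENCE
    fields = []
    while pos < end:
        tag, _, nxt = tlv(der, pos)
        fields.append((tag, der[pos:nxt]))
        pos = nxt
    fields = fields[1:] if fields[0][0] == 0xA0 else fields   # drop optional [0] version
    return fields[2][1], fields[4][1]        # serial, sigAlg, issuer, validity, subject

def chain_order(pem_text):
    """Bundle positions from the device cert up to its root, and whether a root was reached."""
    names = [issuer_subject(base64.b64decode(b)) for b in PEM_RE.findall(pem_text)]
    by_subject = {sub: i for i, (_, sub) in enumerate(names)}
    issuers = {iss for iss, sub in names if iss != sub}
    leaves = [i for i, (_, sub) in enumerate(names) if sub not in issuers]
    if len(leaves) != 1:
        raise ValueError("expected exactly one device certificate, found %d" % len(leaves))
    chain = leaves[:]
    while True:
        iss, sub = names[chain[-1]]
        nxt = by_subject.get(iss)
        if iss == sub or nxt is None or nxt in chain:   # root, missing issuer, or loop
            return chain, iss == sub
        chain.append(nxt)

# Constructed sample: minimal DER shells carrying only names, not real certificates.
def _der(tag, body):
    return bytes([tag, len(body)]) + body
def sample_cert(issuer, subject):
    name = lambda s: _der(0x30, _der(0x0C, s.encode()))
    tbs = (_der(0xA0, _der(2, b"\x02")) + _der(2, b"\x01") + _der(0x30, b"")
           + name(issuer) + _der(0x30, b"") + name(subject))
    body = base64.encodebytes(_der(0x30, _der(0x30, tbs))).decode()
    return "-----BEGIN CERTIFICATE-----\n" + body + "-----END CERTIFICATE-----\n"
BUNDLE = "".join(sample_cert(i, s) for i, s in [("Example Root CA", "Example Root CA"),
    ("Example Issuing CA", "wlc.example.test"), ("Example Root CA", "Example Issuing CA")])
```

Reverse the returned positions to get root-first order. The check compares names only and does not verify signatures.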
