Showing results for 
Search instead for 
Did you mean: 

4500 Wireless Controller and 3600 Series APs - Expired Certificates


Hi all, 

I have a client with some older Cisco hardware and the certificates stored in their 3600 series APs have recently expired. I'm bypassing the authentication on that front for now so that the network stays up, but I'm looking for a better long-term solution that hopefully doesn't involve purchasing new hardware. I saw on another forum that upgrading the firmware can force the certificates to renew, but I've had very little luck figuring out how to do that. All I can find as far as a manual goes for these APs is a "getting started guide" that doesn't really include any info on managing these devices once they're deployed. Any help you can offer would be appreciated.



5 Replies 5

Leo Laohoo
VIP Community Legend VIP Community Legend
VIP Community Legend

A 4500 WLC?  
Is this a Sup8/Sup9?

Rich R
VIP Advisor VIP Advisor
VIP Advisor

The field notice about certs is at

3600 APs are end of support:

Converged access - the short-lived WLC on switch solution you appear to be using - is end of life as Cisco abandoned it.  Now superseded by the 9800 series controllers.

Upgrading firmware does not replace the MIC certificate.

Your only option is new hardware because pretty much everything you're using is close to or already past end of support.

TAC recommended codes for AireOS WLC's
Best Practices for AireOS WLC's
TAC recommended codes for 9800 WLC's
Best Practices for 9800 WLC's
Cisco Wireless compatibility matrix
Field Notice: FN-72424 Later Versions of WiFi 6 APs Fail to Join WLC - Software Upgrade Recommended
WARNING - see CSCwd37092 Throughput degraded after upgrading to code - 2800/3800/4800 series
- The fix for CSCwd37092 is now released in and
- For IOS-XE 17.3.6 select controller model, go to IOS XE Software AP Service Pack, select CSCwd40096 17.3.6 APSP2
Field Notice: FN-63942 Lightweight APs and WLCs Fail to Create CAPWAP Connections Due to Certificate
      Expiration - Software Upgrade Recommended
Field Notice: FN-72524 - During Software Upgrade/Downgrade IOS APs Might Remain in Downloading State
     After 4 Dec 2022 Due to Certificate Expiration - Fixed in and 17.3.6 APSP5 (APSP_CSCwd83653)
     Also fixed in (8.5 mainline) and (8.5 IRCM) if you can't upgrade to 8.10
     TAC confirmed that subordinate Mobility Express APs downloading by TFTP are not affected so ME still works
     Note that and have been deferred (withdrawn) and are effectively unsupported by Cisco
Leo Laohoo's list of bugs affecting 2800/3800/4800/1560 APs
Richard R