cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
756
Views
0
Helpful
4
Replies

5520 webadmin SSO

bern.rain
Level 1
Level 1

Hello

 

I have a WLC 5520 SSO installation with 8.5.103 installed and generated the CSR over gui. After i installed the .pem file the controller rebooted and i was able to login with https. When i did the failovertest i was unable to login over https to the secondary controller. I checked on the cli the cert looks fine. The secondary controller syncronized all correct

 

are there any know problems.

 

Regards,

Bernhard

4 Replies 4

Leo Laohoo
Hall of Fame
Hall of Fame
That's because the CSR wasn't uploaded to the secondary unit.
Break HA and load CSR to each physical unit. Only after this is done do you put them back into HA.

Hello

 

This means i Break up then both WLCs hostname is for ex WLC 1 and 2 and i generate a new csr for wlc2 and upload the signed one? After that i create the redundancy again?

 

Regards,


Bernhard

The CSR has been upload to the primary. So now upload the same CSR to secondary and reboot the secondary.

Hi @bern.rain

 

 It seems that the certificate is not replicated. Cisco docs states:

 

"Device and root certificates are not automatically synced to the Standby controller."

"APs with LSC certificates are supported. The controller's LSC certificate and SCEP configuration must be implemented on the active and standby controllers before activating SSO."

"The download of certificates should be done separately on each box and should be done before pairing"

 

https://www.cisco.com/c/en/us/td/docs/wireless/controller/technotes/7-5/High_Availability_DG.html

 

-If I helped you somehow, please, rate it as useful.-

Review Cisco Networking for a $25 gift card