Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
816
Views
2
Helpful
13
Replies

9800 WLC when browsing: "The connection for this site is not secure"

tdennehy
Level 2
Level 2

‎01-22-2025 01:52 PM

This is a lab box, on a bench with a flat 192.168.1.x network and g0 is connected.  Not connected to the Internet.  Can ping g0 from local subnet.  When we try to browse to it, we get "The connection for this site is not secure".  This actually worked six months or so ago.  Not sure what changed, but it sure sounds like a date somewhere, but cannot find anything.

I followed Scott's advice on this link to no avail:

CISCO 9800 wreless controller not getting the http or https access giving ERR_SSL_PROTOCOL_ERROR - Cisco Community

 

Any ideas?  I'm stumped.

 

0 Helpful
13 Replies 13

MHM Cisco World
VIP
VIP

‎01-22-2025 01:54 PM

You can access but this message appear or you can not log at all?

İf yoh can access this message is normal, 

If you can not access then try other browsers or other PC

MHM

0 Helpful

Flavio Miranda
VIP
VIP

‎01-22-2025 02:02 PM

@tdennehy 

  Recently we noticed some changes on the browser behavior where it will use HTTPS even though you try to use HTTP. And this can explain your problem. 

  If you try to connected to the WLC using HTTPS, it is expected this error message because the browser will not trust the self-signed certificate presented by WLC during the SSL handshake. 

 Depending on the browser you use, you can disable this behavior and force the browser to actually use HTTP. 

https://client.01link.net/knowledgebase/124/How-to-EnableorDisable-the-automatic-redirect-to-HTTPS-in-Chrome.html

 

tdennehy
Level 2
Level 2
In response to Flavio Miranda

‎01-22-2025 02:36 PM

I followed that link, configured Chrome. I could browse to a lab 3504 on the same subnet, but when I try to get to the 9800, I get this:

This site can’t provide a secure connection
192.168.1.250 sent an invalid response.

* Try running Windows Network Diagnostics.

ERR_SSL_PROTOCOL_ERROR



0 Helpful

tdennehy
Level 2
Level 2
In response to Flavio Miranda

‎01-22-2025 04:08 PM

I tried Scott's recommendation but it did not work.
0 Helpful

Flavio Miranda
VIP
VIP
In response to tdennehy

‎01-22-2025 04:14 PM

Consider moving  the WLC to a different version. After all, that was an workaround and the main reason was a bug.

0 Helpful

Rich R
VIP
VIP

‎01-23-2025 06:38 AM

What software version is the WLC running?
Have tried rebooting the controller?

------------------------------
Please click Helpful if this post helped you and Select as Solution (drop down menu at top right of this reply) if this answered your query.
------------------------------
TAC recommended codes for AireOS WLC's   and   TAC recommended codes for 9800 WLC's
Best Practices for AireOS WLC's,   Best Practices for 9800 WLC's   and   Cisco Wireless compatibility matrix
Check your 9800 WLC config with Wireless Config Analyzer using "show tech wireless" output or "config paging disable" then "show run-config" output on AireOS and use Wireless Debug Analyzer to analyze your WLC client debugs
Field Notice: FN63942 APs and WLCs Fail to Create CAPWAP Connections Due to Certificate Expiration
Field Notice: FN72424 Later Versions of WiFi 6 APs Fail to Join WLC - Software Upgrade Required
Field Notice: FN72524 IOS APs stuck in downloading state after 4 Dec 2022 due to Certificate Expired
- Fixed in 8.10.196.0, latest 9800 releases, 8.5.182.12 (8.5.182.13 for 3504) and 8.5.182.109 (IRCM, 8.5.182.111 for 3504)
Field Notice: FN70479 AP Fails to Join or Joins with 1 Radio due to Country Mismatch, RMA needed
How to avoid boot loop due to corrupted image on Wave 2 and Catalyst 11ax Access Points (CSCvx32806)
Field Notice: FN74035 - Wave2 APs DFS May Not Detect Radar After Channel Availability Check Time
Leo's list of bugs affecting 2800/3800/4800/1560 APs
Default AP console baud rate from 17.12.x is 115200 - introduced by CSCwe88390
0 Helpful

tdennehy
Level 2
Level 2

‎01-23-2025 08:30 AM


c9800_Pod_10#sho ver
Cisco IOS XE Software, Version 17.09.03
Cisco IOS Software [Cupertino], C9800 Software (C9800_IOSXE-K9), Version 17.9.3, RELEASE SOFTWARE (fc6)
Technical Support: http://www.cisco.com/techsupport
Copyright (c) 1986-2023 by Cisco Systems, Inc.
Compiled Tue 14-Mar-23 18:11 by mcpre

Rebooted.  No change.  Very frustrating.

0 Helpful

Rich R
VIP
VIP
In response to tdennehy

‎01-23-2025 08:41 AM

- Update the software as per TAC recommended link below.
- Check the WLC config using Config Analyzer (link below)
- Get a packet capture on client and on WLC to understand why it's not working.

------------------------------
Please click Helpful if this post helped you and Select as Solution (drop down menu at top right of this reply) if this answered your query.
------------------------------
TAC recommended codes for AireOS WLC's   and   TAC recommended codes for 9800 WLC's
Best Practices for AireOS WLC's,   Best Practices for 9800 WLC's   and   Cisco Wireless compatibility matrix
Check your 9800 WLC config with Wireless Config Analyzer using "show tech wireless" output or "config paging disable" then "show run-config" output on AireOS and use Wireless Debug Analyzer to analyze your WLC client debugs
Field Notice: FN63942 APs and WLCs Fail to Create CAPWAP Connections Due to Certificate Expiration
Field Notice: FN72424 Later Versions of WiFi 6 APs Fail to Join WLC - Software Upgrade Required
Field Notice: FN72524 IOS APs stuck in downloading state after 4 Dec 2022 due to Certificate Expired
- Fixed in 8.10.196.0, latest 9800 releases, 8.5.182.12 (8.5.182.13 for 3504) and 8.5.182.109 (IRCM, 8.5.182.111 for 3504)
Field Notice: FN70479 AP Fails to Join or Joins with 1 Radio due to Country Mismatch, RMA needed
How to avoid boot loop due to corrupted image on Wave 2 and Catalyst 11ax Access Points (CSCvx32806)
Field Notice: FN74035 - Wave2 APs DFS May Not Detect Radar After Channel Availability Check Time
Leo's list of bugs affecting 2800/3800/4800/1560 APs
Default AP console baud rate from 17.12.x is 115200 - introduced by CSCwe88390
0 Helpful

tdennehy
Level 2
Level 2
In response to Rich R

‎01-23-2025 09:16 AM

Thanks Rich. Its working now. You are the man!!!

vishalbhandari
Spotlight
Spotlight

‎01-23-2025 09:27 AM

@tdennehy It seems like the issue is related to an SSL certificate expiration or mismatch on your Cisco 9800 wireless controller. Since the error mentions "ERR_SSL_PROTOCOL_ERROR" and the connection being "not secure," it’s likely that the controller's certificate is either expired or no longer trusted by your browser.

Here are a few steps to troubleshoot and resolve this:

  1. Check the System Date and Time: Ensure the date and time on the controller are correct. An incorrect system date can cause SSL certificate issues.

  2. Inspect the Certificate: Try accessing the controller using HTTPS and click on the certificate details in your browser. Check if the certificate is expired or invalid.

  3. Regenerate or Re-upload Certificates: If the certificate is expired, you can either regenerate a new self-signed certificate or upload a valid one (e.g., from a trusted CA).

  4. Fallback to HTTP: If HTTPS access is not critical for your lab setup, you can enable HTTP temporarily for access.

  5. Browser Security Settings: Modern browsers are stricter with outdated or self-signed certificates. Try accessing the controller using an older browser or adjust security settings temporarily.

0 Helpful

MHM Cisco World
VIP
VIP
In response to vishalbhandari

‎01-23-2025 09:28 AM

Sorry but it bug and solution is only upgrade.

He dont want to do anything else.

MHM

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking for a $25 gift card