01-16-2015 06:55 PM - edited 07-05-2021 02:17 AM
Hi All,
air-ap1131ag-a-k9 unable to join controller 5508 getting certificate error kindly help on this.
01-16-2015 07:30 PM
Hello Manjunatha-
Can you post the exact error that you are getting on the AP? Also, please confirm that the date/time matches on both the AP and the WLC
Thank you for rating helpful posts!
01-16-2015 10:30 PM
Hi Neno,
Thanks reply kindly find the below logs, the time in WLC and AP are different.
*Dec 8 23:57:39.549: %CAPWAP-3-ERRORLOG: Could Not resolve CISCO-LWAPP-CONTROLLER.IN.nam.ad.pwcinternal.com
*Dec 8 23:57:49.550: %CAPWAP-3-ERRORLOG: Go join a capwap controller
*Jan 17 06:25:21.000: %CAPWAP-5-DTLSREQSEND: DTLS connection request sent peer_ip: 10.31.64.41 peer_port: 5246Peer certificate verification failed 000B
*Jan 17 06:25:21.271: %CAPWAP-3-ERRORLOG: Certificate verification failed!
*Jan 17 06:25:21.271: DTLS_CLIENT_ERROR: ../capwap/base_capwap/capwap/base_capwap_wtp_dtls.c:447 Certificate verified failed!
*Jan 17 06:25:21.271: %DTLS-5-SEND_ALERT: Send FATAL : Bad certificate Alert to 10.31.64.41:5246
*Jan 17 06:25:21.272: %DTLS-5-SEND_ALERT: Send FATAL : Close notify Alert to 10.31.64.41:5246
*Jan 17 06:25:21.273: %CAPWAP-3-ERRORLOG: Invalid event 38 & state 3 combination.
01-16-2015 10:42 PM
Hi Neno,
The AP is running with IOS version of flash:/c1130-rcvk9w8-mx.124-25e.JAP/c1130-rcvk9w8-mx.124-25e.JA"
01-16-2015 10:52 PM
- Is that the complete log from the AP? Can you make sure that you are not cutting out any of the output?
- Also, can you grab the logs from your controller and post them here
- Lastly, go to your controller and confirm that both the time and timezone are correct and that the WLC clock has not drifted from the current time
Thank you for rating helpful posts!
01-17-2015 02:05 AM
That is the full output.
AP0012.80ad.7f96#
*Jan 17 07:30:58.000: %CAPWAP-3-ERRORLOG: Go join a capwap controller
*Jan 17 07:29:53.000: %CAPWAP-5-DTLSREQSEND: DTLS connection request sent peer_ip: 10.31.64.41 peer_port: 5246Peer certificate verification failed 000B
*Jan 17 07:29:53.275: %CAPWAP-3-ERRORLOG: Certificate verification failed!
*Jan 17 07:29:53.275: DTLS_CLIENT_ERROR: ../capwap/base_capwap/capwap/base_capwap_wtp_dtls.c:447 Certificate verified failed!
*Jan 17 07:29:53.275: %DTLS-5-SEND_ALERT: Send FATAL : Bad certificate Alert to 10.31.64.41:5246
*Jan 17 07:29:53.276: %DTLS-5-SEND_ALERT: Send FATAL : Close notify Alert to 10.31.64.41:5246
*Jan 17 07:29:53.276: %CAPWAP-3-ERRORLOG: Invalid event 38 & state 3 combination.
Now i cant get logs from WLC
01-17-2015 03:55 AM
Hi All,
Nothing above helped us we have downloaded the Cisco IOS upgrade tool for Autonomous to Lighweight and the we have covert the AP using that tool in that way AP can download SSC and LSC certificates from WLC so finally AP has joined WLC
01-17-2015 05:56 AM
From the WLC can you post the following:
show sysinfo
show license summary
show ap summary
From the AP:
show version
show flash
-Scott
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide