Re: any chances to renew certificate at Access Point level

Noovi · ‎12-12-2022

Hello Guys,

we are having one Access point of model 3702 where certificate has expired.

*Dec 12 13:47:41.535: %PKI-3-CERTIFICATE_INVALID_EXPIRED: Certificate chain validation has failed. The certificate (SN: 4E78A210000000000007) has expired. Validity period ended on 21:43:46 UTC Dec 4 2022

*Dec 12 13:47:41.535: Image signing certificate validation failed (1A).

Any chance to renew certificates from AP end?

Leo Laohoo · ‎12-12-2022

CSCwd80290

Haydn Andrews · ‎12-13-2022

Roll the clock back to before december 4 2022 and the AP can download the new image then can set the clock back to normal.

*****Help out other by using the rating system and marking answered questions as "Answered"*****
*** Please rate helpful posts ***

jwhiteheadNGM · ‎07-05-2023

I had this same issue. I rolled the clock back, and that didn't work either. The solution I found was to put the exact image the access point was trying to download from the WLC onto the access point using TFTP. It came online after it booted up, and it passed the %PKI-3-CERTIFICATE_INVALID_EXPIRED.

sysadmin@cwcmh.org · ‎01-26-2024

How do you know what image the AP wanted?

silvio.lui · ‎10-31-2023

You need disable NTP in the WLC and set the a time to before Dec/2022.

Case after it the AP still get the same mensage "%PKI-3-CERTIFICATE_INVALID_EXPIRED", you should set the clock in the AP over console: clock set 19:00:00 Oct 30 2020

Silvio Silva