Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
10263
Views
16
Helpful
3
Replies

AP 1130 cannot Join to WLC - Certificate Error.

Go to solution
cleetusant
Level 1
Level 1

‎02-19-2020 03:06 AM - edited ‎07-05-2021 11:44 AM

Hello Geniuses,

 

I have WLC 2504 and running with 1700 and 2700 series APs at the moment. 

Couple of AP 1130 also were working fine till few days ago. After a reboot of WLC due to the power failure, all of a sudden, all 1130 APs are not joining to the network.

My WLC software version is  8.0.140.0

 

Below is the console messages from 1130 APs.

*Feb 19 10:45:03.000: %CAPWAP-3-ERRORLOG: Go join a capwap controller
*Feb 19 10:43:58.000: %CAPWAP-5-DTLSREQSEND: DTLS connection request sent peer_ip: 10.100.0.5 peer_port: 5246
*Feb 19 10:43:59.405: %DTLS-5-ALERT: Received FATAL : Certificate unknown alert from 10.100.0.5
*Feb 19 10:43:59.405: %CAPWAP-3-ERRORLOG: Bad certificate alert received from peer.
*Feb 19 10:43:59.406: %DTLS-5-SEND_ALERT: Send FATAL : Close notify Alert to 10.100.0.5:5246
*Feb 19 10:43:59.407: %CAPWAP-3-ERRORLOG: Invalid event 38 & state 3 combination.

 

Looks like the certificate issue is happened all of sudden.Cant understand why.

 

Does anyone have any idea to rejoin the 1130 APs to WLC ?  Can we disable the certificate check ?

 

Thanks in advance.

Cleetus

Labels:
0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
Sandeep Choudhary
VIP Alumni
VIP Alumni

‎02-19-2020 03:38 AM

I suspect the certificate in the AP has expired.

can you try this :
 
For 7.4.140.0 and later:
(WLC)>config ap cert-expiry-ignore mic enable
 
 
https://community.cisco.com/t5/wireless-mobility-documents/lightweight-ap-fail-to-create-capwap-lwapp-connection-due-to/ta-p/3155111
 
Regards
Dont forget to rate helpful posts

View solution in original post

3 Replies 3

Go to solution
Sandeep Choudhary
VIP Alumni
VIP Alumni

‎02-19-2020 03:38 AM

I suspect the certificate in the AP has expired.

can you try this :
 
For 7.4.140.0 and later:
(WLC)>config ap cert-expiry-ignore mic enable
 
 
https://community.cisco.com/t5/wireless-mobility-documents/lightweight-ap-fail-to-create-capwap-lwapp-connection-due-to/ta-p/3155111
 
Regards
Dont forget to rate helpful posts

Go to solution
cleetusant
Level 1
Level 1
In response to Sandeep Choudhary

‎02-19-2020 09:02 PM

Thank you Sandeep. 

It worked well.

 

Thanks again

Cleetus

0 Helpful

Go to solution
JASON VLAD
Level 1
Level 1

‎06-17-2021 06:45 AM

Thank You Sandeep.

I know it was an expired cert but didn't know how to temporarily get around it.

Two Thumbs-UP from me to you. 

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking for a $25 gift card