cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
702
Views
6
Helpful
13
Replies

AP Certificate

hs08
Spotlight
Spotlight

Hello,

I have CAP 3702 and WLC 2504 with version 8.5.182.0, the CAP can't join to the WLC.

Reading some article on the internet and found we must disable the NTP and change the date on the WLC to some years ago. This trick is working normally.

Now i just want to know, when the CAP joined to the WLC, there are certificate expiry validation? In this case can i say the CAP certificate is expired?

13 Replies 13

So this mean AP certificate or WLC certificate is expired? How we can knowing the expiry date? 

Some article say we must execute 'show crypto pki certificates' on the AP, but unlucky this command is not recognized in my AP.

 

  @hs08   - It might be possible to get the expiry date by examining the running configuration on the AP and look at the certificate details.

  M.



-- Each morning when I wake up and look into the mirror I always say ' Why am I so brilliant ? '
    When the mirror will then always repond to me with ' The only thing that exceeds your brilliance is your beauty! '

Already check the running configuration but there no information about expiry date.

 

 - It doesn't matter that much , simply use the workaround commands mentioned in the field notice to let the APs join a controller even if it is on current time , 

 M.



-- Each morning when I wake up and look into the mirror I always say ' Why am I so brilliant ? '
    When the mirror will then always repond to me with ' The only thing that exceeds your brilliance is your beauty! '

I am confident the certificate in the AP has expired.

 

                                 >...I am confident the certificate in the AP has expired.
  @Leo Laohoo  I second this opinion , besides if the workaround from the field notice is used such as :
                         ap cert-expiry-ignore {mic|ssc} enable
        and the AP can then join, then you know the certificate was expired

 M.



-- Each morning when I wake up and look into the mirror I always say ' Why am I so brilliant ? '
    When the mirror will then always repond to me with ' The only thing that exceeds your brilliance is your beauty! '

The another question is the expired date is depend of when the AP is producing or when we upgrade the ios of that AP then this will make the certificate renewed?

 

 - The certificate is build-in and will not change when the ios on the AP is upgraded , 

 M.



-- Each morning when I wake up and look into the mirror I always say ' Why am I so brilliant ? '
    When the mirror will then always repond to me with ' The only thing that exceeds your brilliance is your beauty! '

Wheb you do 

Show crypto?

What option you get?

MHM

Hello,

Yes i can see the certificate expiry using show crypto command. The another question is the expired date is depend of when the AP is producing or when we upgrade the ios of that AP then this will make the certificate renewed?

Cert expired when AP producing or when cert renewed 
cert date dont relate to when you upgrade the AP.

MHM

So this mean AP certificate or WLC certificate is expired?
Probably both.  As the others have said follow the instructions in the field notice and then it won't be a problem.

Also note that your WLC should be running 8.5.182.12 (link below) with latest bug fixes.

Review Cisco Networking for a $25 gift card