Re: Business 240AC error when checking software version

tzero1dekom · ‎05-19-2021

Hi,

I have a 240AC device which is erroring when I try to check the software version.

Then error message is: Connection failed: 60. peer certificate cannot be authenticated with given CA certificate.

This worked initially, but not sure why this have changed.

Thank you in advance

Mark Elsen · ‎05-19-2021

- Exactly which command did you try ?

M.

-- Let everything happen to you
   Beauty and terror
      Just keep going
     No feeling is final
Reiner Maria Rilke (1899)

tzero1dekom · ‎05-19-2021

Marce hi,

This is via the Web interface.

Rich R · ‎05-19-2021

Have you tried a different browser or an older version of the browser?

Things that could have changed over time:

- browser security settings got stricter - this is happening all the time (so viewing pages which use self-signed certs becomes more difficult)

- device cert expired

------------------------------
Please click Helpful if this post helped you and Accept as Solution if this answered your query.
------------------------------
TAC recommended codes for AireOS WLC's and TAC recommended codes for 9800 WLC's
Best Practices for AireOS WLC's, Best Practices for 9800 WLC's and Cisco Wireless compatibility matrix
Check your 9800 WLC config with Wireless Config Analyzer using "show tech wireless" output or "config paging disable" then "show run-config" output on AireOS and use Wireless Debug Analyzer to analyze your WLC client debugs
Field Notice: FN63942 APs and WLCs Fail to Create CAPWAP Connections Due to Certificate Expiration
Field Notice: FN72424 Later Versions of WiFi 6 APs Fail to Join WLC - Software Upgrade Required
Field Notice: FN72524 IOS APs stuck in downloading state after 4 Dec 2022 due to Certificate Expired
- Fixed in 8.10.196.0, latest 9800 releases, 8.5.182.12 (8.5.182.13 for 3504) and 8.5.182.109 (IRCM, 8.5.182.111 for 3504)
Field Notice: FN70479 AP Fails to Join or Joins with 1 Radio due to Country Mismatch, RMA needed
Field Notice: FN74383 APs Running 17.12.4/5/6/6a May Run Out of Flash Space Preventing Upgrades
How to avoid boot loop due to corrupted image on Wave 2 and Catalyst 11ax Access Points (CSCvx32806)
Field Notice: FN74035 - Wave2 APs DFS May Not Detect Radar After Channel Availability Check Time
Leo's list of bugs affecting 2800/3800/4800/1560 APs
Default AP console baud rate from 17.12.x is 115200 - introduced by CSCwe88390
AP supported channel lookup: https://apchannels.cisco.com/

tzero1dekom · ‎05-19-2021

I tried using different browsers, but still recieved the same error message.

Mark Elsen · ‎05-19-2021

- Could you post a screenshot ?

M.

-- Let everything happen to you
   Beauty and terror
      Just keep going
     No feeling is final
Reiner Maria Rilke (1899)

tzero1dekom · ‎05-20-2021

Rich R · ‎05-20-2021

This looks the same as https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvv54258 / https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvm03931 although that is for Firepower. The point is that the Cisco website has changed their root certificate authority and the old device firmware doesn't recognise it. I doubt that there is an option to upload new root CAs on these devices so until there is a new version of firmware with a fix you'll have to do it manually:

https://www.cisco.com/c/en/us/support/docs/smb/wireless/CB-Wireless-Mesh/1769-tz-Frequently-Asked-Questions-for-a-Cisco-Business-Mesh-Network.html

https://www.cisco.com/c/en/us/support/docs/smb/wireless/CB-Wireless-Mesh/2063-Upgrade-software-of-CBW-access-point.html

Ideally open a TAC case to make sure they are aware of the problem on this product (they might already have a bug for it but I didn't find one) to make sure it does get fixed in the next release.

------------------------------
Please click Helpful if this post helped you and Accept as Solution if this answered your query.
------------------------------
TAC recommended codes for AireOS WLC's and TAC recommended codes for 9800 WLC's
Best Practices for AireOS WLC's, Best Practices for 9800 WLC's and Cisco Wireless compatibility matrix
Check your 9800 WLC config with Wireless Config Analyzer using "show tech wireless" output or "config paging disable" then "show run-config" output on AireOS and use Wireless Debug Analyzer to analyze your WLC client debugs
Field Notice: FN63942 APs and WLCs Fail to Create CAPWAP Connections Due to Certificate Expiration
Field Notice: FN72424 Later Versions of WiFi 6 APs Fail to Join WLC - Software Upgrade Required
Field Notice: FN72524 IOS APs stuck in downloading state after 4 Dec 2022 due to Certificate Expired
- Fixed in 8.10.196.0, latest 9800 releases, 8.5.182.12 (8.5.182.13 for 3504) and 8.5.182.109 (IRCM, 8.5.182.111 for 3504)
Field Notice: FN70479 AP Fails to Join or Joins with 1 Radio due to Country Mismatch, RMA needed
Field Notice: FN74383 APs Running 17.12.4/5/6/6a May Run Out of Flash Space Preventing Upgrades
How to avoid boot loop due to corrupted image on Wave 2 and Catalyst 11ax Access Points (CSCvx32806)
Field Notice: FN74035 - Wave2 APs DFS May Not Detect Radar After Channel Availability Check Time
Leo's list of bugs affecting 2800/3800/4800/1560 APs
Default AP console baud rate from 17.12.x is 115200 - introduced by CSCwe88390
AP supported channel lookup: https://apchannels.cisco.com/