CAPWAP Certificate verified failed

juantovarm
Level 1

I have this old AIR-AP1252G-A-K9 (which I downgraded from autonomous to light using the c1250-rcvk9w8-tar.124-21a.JA image) connected to a vWLC AIR-CTVM-K9-8-0-152-0 running the trial license. They used to bind till yesterday, when I cleared the vWLC config using "Recover-Config". Upon reconfiguring the vWLC they can't bind anymore due to expired certificates. I have already entered the commands:

config ap cert-expiry-ignore mic enable

config ap cert-expiry-ignore mic enable

but to no avail. I've already done the same steps rolling back the clock on both devices, on 1 device and not the other, using NTP, but I keep getting the following errors:

 

*Jan 10 09:31:45.999: %CAPWAP-5-CHANGED: CAPWAP changed state to DISCOVERY
*Jan 10 09:31:45.999: %CAPWAP-5-CHANGED: CAPWAP changed state to DISCOVERY
*Jan 10 09:31:56.007: %CAPWAP-3-ERRORLOG: Go join a capwap controller
*Jan 10 09:31:56.000: %CAPWAP-5-DTLSREQSEND: DTLS connection request sent peer_ip: 192.168.1.251 peer_port: 5246
*Jan 10 09:31:56.000: %CAPWAP-5-CHANGED: CAPWAP changed state to
*Jan 10 09:31:56.015: %LWAPP-3-CLIENTERRORLOG: Peer certificate verification failed
*Jan 10 09:31:56.015: %CAPWAP-3-ERRORLOG: Certificate verification failed!
*Jan 10 09:31:56.015: DTLS_CLIENT_ERROR: ../capwap/capwap_wtp_dtls.c:326 Certificate verified failed!
*Jan 10 09:31:56.015: %DTLS-4-BAD_CERT: Certificate verification failed. Peer IP: 192.168.1.251
*Jan 10 09:31:56.015: %DTLS-5-SEND_ALERT: Send FATAL : Bad certificate Alert to 192.168.1.251:5246
*Jan 10 09:31:56.015: %DTLS-3-BAD_RECORD: Erroneous record received from 192.168.1.251: Malformed Certificate
*Jan 10 09:31:56.015: %DTLS-5-SEND_ALERT: Send WARNING : Close notify Alert to 192.168.1.251:5246

 

Any ideas on what to do next?
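
An added example, not part of the original post and not Cisco tooling: a short Python triage of the AP console output quoted above, grouping events by controller IP and reporting the controllers whose certificate the AP rejected during the DTLS handshake. The function names are hypothetical, and the regexes assume the line layout shown in the post.

```python
import re
from collections import defaultdict

# AP console lines copied from the post above.
SAMPLE = """\
*Jan 10 09:31:45.999: %CAPWAP-5-CHANGED: CAPWAP changed state to DISCOVERY
*Jan 10 09:31:56.000: %CAPWAP-5-DTLSREQSEND: DTLS connection request sent peer_ip: 192.168.1.251 peer_port: 5246
*Jan 10 09:31:56.015: %LWAPP-3-CLIENTERRORLOG: Peer certificate verification failed
*Jan 10 09:31:56.015: DTLS_CLIENT_ERROR: ../capwap/capwap_wtp_dtls.c:326 Certificate verified failed!
*Jan 10 09:31:56.015: %DTLS-4-BAD_CERT: Certificate verification failed. Peer IP: 192.168.1.251
*Jan 10 09:31:56.015: %DTLS-5-SEND_ALERT: Send FATAL : Bad certificate Alert to 192.168.1.251:5246
*Jan 10 09:31:56.015: %DTLS-3-BAD_RECORD: Erroneous record received from 192.168.1.251: Malformed Certificate
*Jan 10 09:31:56.015: %DTLS-5-SEND_ALERT: Send WARNING : Close notify Alert to 192.168.1.251:5246
"""

# Layout assumed from the post: "*Mon DD HH:MM:SS.mmm: %FACILITY-SEV-MNEMONIC: text"
LINE = re.compile(r"^\*\w{3} +\d+ [\d:.]+: %(?P<fac>[A-Z0-9_]+)-(?P<sev>\d)-(?P<mn>[A-Z0-9_]+): (?P<msg>.*)$")
PEER = re.compile(r"(?:peer_ip: |Peer IP: |to |from )(\d+\.\d+\.\d+\.\d+)")

def triage(text):
    """Return {controller_ip: {"requests": n, "cert_failures": n, "alerts": [...]}}."""
    out = defaultdict(lambda: {"requests": 0, "cert_failures": 0, "alerts": []})
    for raw in text.splitlines():
        m = LINE.match(raw.strip())
        if not m:
            continue  # untagged lines such as DTLS_CLIENT_ERROR carry no peer address
        peer = PEER.search(m["msg"])
        if not peer:
            continue  # state changes and LWAPP errors name no controller
        rec = out[peer.group(1)]
        key = (m["fac"], m["mn"])
        if key == ("CAPWAP", "DTLSREQSEND"):
            rec["requests"] += 1
        elif key == ("DTLS", "BAD_CERT"):
            rec["cert_failures"] += 1
        elif key == ("DTLS", "SEND_ALERT"):
            # "Send FATAL : Bad certificate Alert to ..." -> "FATAL : Bad certificate"
            rec["alerts"].append(m["msg"].split(" Alert")[0].removeprefix("Send ").strip())
    return dict(out)

def cert_rejected_peers(text):
    """Controllers for which the AP logged BAD_CERT and sent a FATAL DTLS alert."""
    return sorted(ip for ip, r in triage(text).items()
                  if r["cert_failures"] and any(a.startswith("FATAL") for a in r["alerts"]))

if __name__ == "__main__":
    print(cert_rejected_peers(SAMPLE))
```
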

 

Accepted Solutions

marce1000
VIP

 

 - Check if the 1st reply of this thread is applicable to your case:

 https://community.cisco.com/t5/wireless/certificate-issue-joining-ap-to-vwlc/td-p/2036617

 M.



-- Each morning when I wake up and look into the mirror I always say 'Why am I so brilliant?'
    When the mirror will then always respond to me with 'The only thing that exceeds your brilliance is your beauty!'

Thank you very much for your reply.

I had actually read that post before, but that means getting my hands on a vWLC 7.3 OVA, and Cisco's website has them as deferred. So, no luck there...

I ended up using another reply from that same post, which was to reinstall the original autonomous image via the emergency recovery method. That too took some tweaking, because when I renamed the file to "default" in Windows, it showed up as c1250-k9w7-tar.default.tar in the TFTP filesystem, so the AP didn't recognize the image until I edited the name in Linux.

 
