Cisco WLC 2500 Series: use LetsEncrypt wildcard on webAuth

setsal Lan
Level 1

WLC software version: 8.1.102.0

 

I want to use the LetsEncrypt wildcard as the WLC Web Authentication Certificate.

But when I upload the file, it always says "File Transfer Failed".

 

Looking at the message logs, this shows up:

*TransferTask: Feb 20 04:10:30.378: %UPDATE-3-CERT_INST_FAIL: updcode.c:2754 Failed to install certificate. rc = 1

 

I am not sure if there is any mistake in my certificate.

I just followed these tutorials to generate the final.pem:

1. https://knowledge.digicert.com/solution/SO25994.html

2. https://www.cisco.com/c/en/us/support/docs/wireless/4400-series-wireless-lan-controllers/109597-csr-chained-certificates-wlc-00.html

 

sp20190220_121905.png

 

LetsEncrypt provides cert.pem, chain.pem, fullchain.pem and privkey.pem.

I went to their homepage and downloaded its Intermediate CA certificate (IdenTrust cross-signed) and Root CA certificate (ISRG Root X1).

I have tried combining them with cert.pem or fullchain.pem to generate the final.pem, but I still get the error.

 

The commands look like this:

```
$ cat cert.pem Intermediate CA certificate (IdenTrust cross-signed) Root CA certificate(ISRG Root X1) > all.pem

$ cat fullchain.pem Intermediate CA certificate (IdenTrust cross-signed) Root CA certificate(ISRG Root X1) > all.pem

$openssl> pkcs12 -export -in all.pem -inkey privkey.pem -out All-certs.p12 -clcerts -passin pass:check123 -passout pass:check123

$openssl> pkcs12 -in all.p12 -out final.pem -passin pass:check123 -passout pass:check123
```

 

I have no idea what the problem is. Maybe the software version is too old, or the openssl version does not match?

Many thanks for any suggestions,

setsal
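A structural check for the bundle built by the `cat` commands above, as an added example that is not part of the original post or of Cisco's document: it lists the PEM blocks in a file and flags certificates that appear more than once (certbot's fullchain.pem is cert.pem followed by chain.pem, so appending the intermediate again repeats it) and an unexpected number of private key blocks. The function name `lint_bundle` and the sample blocks are assumptions; the samples are constructed placeholders, not real certificates.

```python
import base64
import hashlib
import re

# One PEM block: BEGIN line, body, END line with the same label.
PEM_BLOCK = re.compile(r"-----BEGIN ([A-Z0-9 ]+)-----\s*(.*?)\s*-----END \1-----", re.DOTALL)

def lint_bundle(pem_text, expect_key=False):
    """Return (blocks, problems) for a concatenated PEM file.

    blocks lists (label, short SHA-256 of the DER bytes or None) in file order;
    problems is empty when the layout is clean. Text outside the PEM armor,
    such as the "Bag Attributes" lines openssl pkcs12 writes, is ignored.
    """
    blocks, problems, first_seen, keys = [], [], {}, 0
    for pos, m in enumerate(PEM_BLOCK.finditer(pem_text), start=1):
        label, body, digest = m.group(1), m.group(2), None
        if label == "CERTIFICATE":
            try:
                der = base64.b64decode("".join(body.split()), validate=True)
            except ValueError:  # binascii.Error is a ValueError subclass
                problems.append(f"block {pos}: certificate body is not valid base64")
            else:
                digest = hashlib.sha256(der).hexdigest()[:16]
                if digest in first_seen:
                    problems.append(f"block {pos}: same certificate as block {first_seen[digest]}")
                first_seen.setdefault(digest, pos)
        elif label.endswith("PRIVATE KEY"):
            keys += 1
        blocks.append((label, digest))
    if not first_seen:
        problems.append("no certificate found")
    if keys != int(expect_key):
        problems.append(f"found {keys} private key block(s), expected {int(expect_key)}")
    return blocks, problems

def fake_cert(tag):
    # Constructed placeholder: arbitrary bytes in PEM armor, not a real certificate.
    body = base64.b64encode(tag.encode() * 8).decode()
    return f"-----BEGIN CERTIFICATE-----\n{body}\n-----END CERTIFICATE-----\n"

LEAF, INTERMEDIATE, ROOT = fake_cert("leaf"), fake_cert("intermediate"), fake_cert("root")
FULLCHAIN = LEAF + INTERMEDIATE  # same layout as certbot's fullchain.pem

if __name__ == "__main__":
    for name, text in (("cert.pem + intermediate + root", LEAF + INTERMEDIATE + ROOT),
                       ("fullchain.pem + intermediate + root", FULLCHAIN + INTERMEDIATE + ROOT)):
        print(name, lint_bundle(text)[1] or "clean")
```

On real files, pass the contents of all.pem, or of final.pem with `expect_key=True`, since the PEM written by the second pkcs12 command also carries the private key.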

3 Replies

Haydn Andrews
VIP Alumni

What version of openssl are you using?

 

Note: OpenSSL Version 0.9.8 is the recommended version for old WLC releases; however, as of Version 7.5, support for OpenSSL Version 1.0 was also added (refer to Cisco bug ID CSCti65315 - Need Support for certificates generated using OpenSSL v1.0) and is the recommended version to use. OpenSSL 1.1 was also tested and works great on 8.x and later WLC releases.

 

I'm guessing the issue is that the chaining hasn't been done correctly; make sure you are following all steps in the Cisco document you referenced.


Hi Haydn Andrews,

 

On the Web Auth Server, my openssl version is  OpenSSL 1.0.2k-freebsd  26 Jan 2017

WLC software version is 8.1.102.0

 

2019-02-20 15-30-43 的螢幕擷圖.png

 

It seems that the versions of WLC and openssl are fine?

 

I have followed the Cisco WLC document (the 3rd party part),

just the same as the picture below.

 

2019-02-20 15-35-57 的螢幕擷圖.png

 

Am I using the wrong certificate from LetsEncrypt to combine All-certs.pem?

 

Many thanks for your help,

setsal

Letsencrypt is not supported on the WLCs as you need a web server to support these services. This is due to the fact that the server needs to be able to communicate with letsencrypt to update its certificate on a recurring basis.

 

 

 
