Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
7223
Views
5
Helpful
4
Replies

Install GoDaddy wildcard SSL on WLC 2504 conroller

Go to solution
Seth Bjorn
Level 1
Level 1

‎01-29-2013 11:07 AM - edited ‎07-03-2021 11:26 PM

I'm attempting to install a GoDaddy wildcard ssl certificate onto a WLC 2504 running version 7.4.100.0.

I am getting the error "#SSHPM-3-KEYED_PEM_DECODE_FAILED: sshpmcert.c:4055 Cannot PEM decode private key" when downloading the .pem file to the controller.

What I have attempted to do was to export the certificate from a Windows 2008 R2 server into a .pfx file. The file contained the private key and all possible root certficates (in this case a root and a intermediate cert). Now I took this .pfx file and attempted to create a .pem file with openssl using the following command: openssl pkcs12 -in myssl.pfx -out mynewssl.pem -passin pass:mypassword -passout pass:mypassword

Now I have opened the .pem file and verified it does contain the private key and the three certificates (wildcard, intermediate and root).

Labels:
0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
Kenneth Sharp
Level 1
Level 1

‎05-22-2013 12:08 PM

Seth,

I had a similar problem, and saw the solution in another post on this forum.  I am cross-posting this to help anyone else out there who might be searching for this answer.

Kudos to Robert Wells for finding this:

"I have it fixed now. The problem was the cisco only supports openssl 0.9.8x. I was using 1.0.1c. I used 0.9.8x and it worked perfectly fine."

The Windows version of OpenSSL I used was the 0.9.8y Light version from:

http://slproweb.com/download/Win32OpenSSL_Light-0_9_8y.exe

I hope this helps someone out there with this problem.

   - Ken

View solution in original post

4 Replies 4

Go to solution
David Watkins
Level 4
Level 4

‎02-06-2013 07:28 AM

Did you specify the certificate "password" you used on the 2504 WLC before downloading it?

When you combined the chained cert did you use the order device/wildcard, intermediate, root?

I'm not sure what you meen about exporting this from 2008 R2 if you created a CSR that GoDaddy signed; when did 2008 come in to play?

If you're following all of these steps you "should" be fine.  http://www.cisco.com/en/US/products/ps6366/products_configuration_example09186a0080a77592.shtml

0 Helpful

Go to solution
Seth Bjorn
Level 1
Level 1
In response to David Watkins

‎02-07-2013 09:34 AM

Password was specified both in creating the file and on the WLC when uploading.

As stated in the OP, opening the .pem file shows the certs lined up from top to bottom as wildcard/device then intermediate, then root.

Win2008 comes into the picture because I did not generate a CSR on the wlc because I want to reuse an existing wildcard cert I have on said Win2008 machine. From the Win2008 machine I exported the entire chain and private key using a .pfx file. I used openssl to convert that to a pem file with the command in the OP.

0 Helpful

Go to solution
Kenneth Sharp
Level 1
Level 1

‎05-22-2013 12:08 PM

Seth,

I had a similar problem, and saw the solution in another post on this forum.  I am cross-posting this to help anyone else out there who might be searching for this answer.

Kudos to Robert Wells for finding this:

"I have it fixed now. The problem was the cisco only supports openssl 0.9.8x. I was using 1.0.1c. I used 0.9.8x and it worked perfectly fine."

The Windows version of OpenSSL I used was the 0.9.8y Light version from:

http://slproweb.com/download/Win32OpenSSL_Light-0_9_8y.exe

I hope this helps someone out there with this problem.

   - Ken

Go to solution
ron.wilkerson
Level 1
Level 1

‎05-23-2013 07:28 AM

I had issues using openssl.

Open a TAC case and they'll combine the cert for you and you just install it.

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking for a $25 gift card