Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
276
Views
0
Helpful
3
Replies

Monitoring CA certificate on webauth

PradeepSingh
Beginner
Beginner

‎05-30-2022 06:34 AM

Hi,

 

We are using CA provided certificate for Webauth on wireless controllers for guest portal. The challenge we facing are we are not able to monitor the status og certificate from internal infra as the certificate is part of guest network local on the site. I tried to find if WLC is generating any warning before certificate is expired but could not find that.  Does anyone has knowledge in this regard ?

0 Helpful
3 Replies 3

Flavio Miranda
VIP Mentor VIP Mentor
VIP Mentor

‎05-30-2022 06:48 AM

Hi

  The WLC does not have SNMP trap for expired certificates.  I dont think you can monitor this.

 

0 Helpful

balaji.bandi
VIP Community Legend VIP Community Legend
VIP Community Legend

‎05-30-2022 07:19 AM

Is this Public Cert or Internal Certificate,  we made custom  script, which checks internal and external cert and generate email alert 90 - 60 -30days so on.

 

BB

***** Rate All Helpful Responses *****

How to Ask The Cisco Community for Help

0 Helpful

Rich R
VIP Advisor VIP Advisor
VIP Advisor

‎05-31-2022 04:13 PM

What WLC? What version of software?

Regardless - there's a very simple solution.

When you buy the cert you know what the expiry date is so add 1 or more reminders in your diary, copying as many people as you want, to ensure that everyone who needs to know gets reminded in good time that the cert is due to expire on a certain date and can get it  renewed before then.

___________________________________________
TAC recommended codes for AireOS WLC's
Best Practices for AireOS WLC's
TAC recommended codes for 9800 WLC's
Best Practices for 9800 WLC's
Cisco Wireless compatibility matrix
Field Notice: FN-72424 Later Versions of WiFi 6 APs Fail to Join WLC - Software Upgrade Recommended
WARNING - see CSCwd37092 Throughput degraded after upgrading to code 8.10.181.0/17.3.6 - 2800/3800/4800 series
- The fix for CSCwd37092 is now released in 8.10.183.0 and
- For IOS-XE 17.3.6 select controller model, go to IOS XE Software AP Service Pack, select CSCwd40096 17.3.6 APSP2
Field Notice: FN-63942 Lightweight APs and WLCs Fail to Create CAPWAP Connections Due to Certificate
      Expiration - Software Upgrade Recommended
Field Notice: FN-72524 - During Software Upgrade/Downgrade IOS APs Might Remain in Downloading State
     After 4 Dec 2022 Due to Certificate Expiration - Fixed in 8.10.183.0 and 17.3.6 APSP5 (APSP_CSCwd83653)
     Also fixed in 8.5.182.7 (8.5 mainline) and 8.5.182.105 (8.5 IRCM) if you can't upgrade to 8.10
     TAC confirmed that subordinate Mobility Express APs downloading by TFTP are not affected so ME 8.5.182.0 still works
     Note that 8.10.181.0 and 8.10.182.0 have been deferred (withdrawn) and are effectively unsupported by Cisco
Leo Laohoo's list of bugs affecting 2800/3800/4800/1560 APs
___________________________________________
Richard R
0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Recognize Your Peers
Spotlight Award Nomination
Customers Also Viewed These Support Documents