Showing results for 
Search instead for 
Did you mean: 

Monitoring CA certificate on webauth




We are using CA provided certificate for Webauth on wireless controllers for guest portal. The challenge we facing are we are not able to monitor the status og certificate from internal infra as the certificate is part of guest network local on the site. I tried to find if WLC is generating any warning before certificate is expired but could not find that.  Does anyone has knowledge in this regard ?

3 Replies 3

Flavio Miranda
VIP Mentor VIP Mentor
VIP Mentor


  The WLC does not have SNMP trap for expired certificates.  I dont think you can monitor this.


VIP Community Legend VIP Community Legend
VIP Community Legend

Is this Public Cert or Internal Certificate,  we made custom  script, which checks internal and external cert and generate email alert 90 - 60 -30days so on.



***** Rate All Helpful Responses *****

How to Ask The Cisco Community for Help

Rich R
VIP Advisor VIP Advisor
VIP Advisor

What WLC? What version of software?

Regardless - there's a very simple solution.

When you buy the cert you know what the expiry date is so add 1 or more reminders in your diary, copying as many people as you want, to ensure that everyone who needs to know gets reminded in good time that the cert is due to expire on a certain date and can get it  renewed before then.

TAC recommended codes for AireOS WLC's
Best Practices for AireOS WLC's
TAC recommended codes for 9800 WLC's
Best Practices for 9800 WLC's
Cisco Wireless compatibility matrix
Field Notice: FN-72424 Later Versions of WiFi 6 APs Fail to Join WLC - Software Upgrade Recommended
WARNING - see CSCwd37092 Throughput degraded after upgrading to code - 2800/3800/4800 series
- The fix for CSCwd37092 is now released in and
- For IOS-XE 17.3.6 select controller model, go to IOS XE Software AP Service Pack, select CSCwd40096 17.3.6 APSP2
Field Notice: FN-63942 Lightweight APs and WLCs Fail to Create CAPWAP Connections Due to Certificate
      Expiration - Software Upgrade Recommended
Field Notice: FN-72524 - During Software Upgrade/Downgrade IOS APs Might Remain in Downloading State
     After 4 Dec 2022 Due to Certificate Expiration - Fixed in and 17.3.6 APSP5 (APSP_CSCwd83653)
     Also fixed in (8.5 mainline) and (8.5 IRCM) if you can't upgrade to 8.10
     TAC confirmed that subordinate Mobility Express APs downloading by TFTP are not affected so ME still works
     Note that and have been deferred (withdrawn) and are effectively unsupported by Cisco
Leo Laohoo's list of bugs affecting 2800/3800/4800/1560 APs
Richard R
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Recognize Your Peers