07-29-2024 08:29 PM - edited 07-30-2024 04:49 AM
Hi All-
I did find a similar thread on this error here: https://community.cisco.com/t5/wireless/lost-private-keys-after-failed-upgrade-from-17-3-5a-to-17-9-3/td-p/4908871 however, it doesn't really present a solution.
Long story, but basically, trying to onboard a 9800-CL to CatCenter destroyed my AAA config. Had to do password recovery. Now, it looks like the certificates are messed up and I get the "private key not found" error when I try to web to the management interface and the browser says: Error code: SSL_ERROR_INTERNAL_ERROR_ALERT.
I tried generating a new ssc cert and assigning that to the http server:
wireless config vwlc-ssc key-size 2048 signature-algo sha256 password 0 Cisco123#
and then changing the web server to that trustpoint:
ip http secure-trustpoint c9800-1.mps_WLC_TP
This did not help. Any suggestions would be appreciated!
07-30-2024 04:57 AM
Well, the morning has brought some clarity - thank you SBC! I was able to (find and) re-import the cert for this controller. That would probably have been preferable to creating a new one as described above. For clarity, the CLI is something like this:
Import pfx:
crypto pki import c9800-1.pfx-TP pkcs12 tftp://10.1.2.3/c9800-1.pfx password cisco
Assign TP to https:
no ip http secure-server
ip http secure-trustpoint c9800-1.pfx-TP
ip http secure-server
Things are back to normal after that operation.
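Added example, not part of the original posts: a workstation-side check, using the OpenSSL CLI, that a PKCS#12 bundle actually carries a private key matching its certificate before it is imported into a trustpoint. The function names `check_pfx` and `make_samples`, the sample subject name and the sample password are assumptions made for illustration; the sample bundles are constructed on the fly.

```bash
#!/usr/bin/env bash
# Pre-import sanity check for a PKCS#12 (.pfx) bundle.
# check_pfx FILE PASSWORD prints one of:
#   match    - bundle holds a private key that belongs to its certificate
#   mismatch - a key is present but does not belong to the certificate
#   no-key   - no private key could be read (absent, or wrong password)
check_pfx() {
    local pfx pass cert_pub key_pub
    pfx=$1; pass=$2
    # Public key as stated in the bundle's end-entity certificate.
    cert_pub=$(openssl pkcs12 -in "$pfx" -passin "pass:$pass" -nokeys -clcerts 2>/dev/null |
               openssl x509 -noout -pubkey 2>/dev/null) || true
    # Public key derived from the bundle's private key (never written to disk).
    key_pub=$(openssl pkcs12 -in "$pfx" -passin "pass:$pass" -nocerts -nodes 2>/dev/null |
              openssl pkey -pubout 2>/dev/null) || true
    if [ -z "$key_pub" ]; then echo "no-key"; return 2; fi
    if [ "$cert_pub" = "$key_pub" ]; then echo "match"; return 0; fi
    echo "mismatch"; return 1
}

# make_samples DIR builds two constructed bundles for the demonstration:
# full.pfx (key + certificate) and certonly.pfx (certificate only).
make_samples() {
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 \
        -subj "/CN=c9800-1.example.test" \
        -keyout "$1/key.pem" -out "$1/cert.pem" 2>/dev/null
    openssl pkcs12 -export -inkey "$1/key.pem" -in "$1/cert.pem" \
        -out "$1/full.pfx" -passout pass:constructed-pass
    openssl pkcs12 -export -nokeys -in "$1/cert.pem" \
        -out "$1/certonly.pfx" -passout pass:constructed-pass
}

demo_dir=$(mktemp -d)
make_samples "$demo_dir"
echo "full.pfx:     $(check_pfx "$demo_dir/full.pfx" constructed-pass)"
echo "certonly.pfx: $(check_pfx "$demo_dir/certonly.pfx" constructed-pass)"
rm -rf "$demo_dir"
```

Only a bundle that reports `match` gives the trustpoint a usable private key; a `no-key` result means the import would leave the HTTPS server without one.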
07-29-2024 08:34 PM
Interesting development: The browser lets me connect via IP but not via name. I will try to proceed and restore the certs tomorrow once I get a bit of coffee in me!