private key not found after password recovery

Wes Schochet
Level 3

Hi All-

I did find a similar thread on this error here: https://community.cisco.com/t5/wireless/lost-private-keys-after-failed-upgrade-from-17-3-5a-to-17-9-3/td-p/4908871 however, it doesn't really present a solution.

Long story, but basically, trying to onboard a 9800-CL to CatCenter destroyed my AAA config. Had to do password recovery. Now, it looks like the certificates are messed up and I get the "private key not found" error when I try to web to the management interface and the browser says: Error code: SSL_ERROR_INTERNAL_ERROR_ALERT.

I tried generating a new ssc cert and assigning that to the http server:

wireless config vwlc-ssc key-size 2048 signature-algo sha256 password 0 Cisco123#

and then changing the web server to that trustpoint:

ip http secure-trustpoint c9800-1.mps_WLC_TP

This did not help. Any suggestions would be appreciated!

Accepted Solution

Well, the morning has brought some clarity - thank you SBC! I was able to (find and) re-import the cert for this controller. That would probably have been preferable to creating a new one as described above. For clarity, the CLI is something like this:

Import pfx:
crypto pki import c9800-1.pfx-TP pkcs12 tftp://10.1.2.3/c9800-1.pfx password cisco

Assign TP to https:
no ip http secure-server
ip http secure-trustpoint c9800-1.pfx-TP
ip http secure-server

Things are back to normal after that operation.
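As an added check that is not part of the original thread: before a bundle is imported with "crypto pki import <TP> pkcs12 ..." and bound to the HTTPS server, a short script can confirm the .pfx actually carries a private key, that the key matches the certificate (the condition behind "private key not found"), and that the certificate names the controller's hostname (the condition behind "works by IP but not by name"). The hostname, password and bundle below are constructed placeholders, built with openssl on the spot so the script runs offline.

```shell
#!/bin/sh
# Added example, not from the original thread: sanity-check a PKCS#12 bundle
# before importing it with "crypto pki import <TP> pkcs12 ...". Hostname,
# password and the bundle itself are constructed placeholders.
set -eu
WORK=$(mktemp -d)
trap 'rm -rf "$WORK"' EXIT

# Build a throwaway self-signed key/cert pair and bundle it as a PFX.
make_demo_pfx() {
  host=$1; pfx=$2; pw=$3
  openssl req -x509 -newkey rsa:2048 -nodes -sha256 -days 1 \
    -subj "/CN=$host" -addext "subjectAltName=DNS:$host" \
    -keyout "$WORK/key.pem" -out "$WORK/cert.pem" >/dev/null 2>&1
  openssl pkcs12 -export -in "$WORK/cert.pem" -inkey "$WORK/key.pem" \
    -out "$pfx" -passout "pass:$pw"
}

# Return 0 only if the bundle holds a private key, that key matches the leaf
# certificate's public key, and the certificate covers $host.
check_pfx() {
  pfx=$1; pw=$2; host=$3
  openssl pkcs12 -in "$pfx" -passin "pass:$pw" -nocerts -nodes \
    -out "$WORK/k.pem" 2>/dev/null || { echo "cannot open bundle"; return 1; }
  grep -q 'PRIVATE KEY' "$WORK/k.pem" || { echo "no private key in bundle"; return 1; }
  openssl pkcs12 -in "$pfx" -passin "pass:$pw" -clcerts -nokeys \
    -out "$WORK/c.pem" 2>/dev/null || { echo "no certificate in bundle"; return 1; }
  # Compare SHA-256 of the public key derived from the key and from the cert.
  kpub=$(openssl pkey -in "$WORK/k.pem" -pubout | openssl dgst -sha256)
  cpub=$(openssl x509 -in "$WORK/c.pem" -pubkey -noout | openssl dgst -sha256)
  [ "$kpub" = "$cpub" ] || { echo "private key does not match certificate"; return 1; }
  # A cert that does not name the host explains "works by IP but not by name".
  openssl x509 -in "$WORK/c.pem" -noout -checkhost "$host" | grep -q 'does match' \
    || { echo "certificate does not cover $host"; return 1; }
  echo "bundle OK for $host"
}

# Demo run with placeholder values.
make_demo_pfx c9800-1.example.test "$WORK/demo.pfx" placeholder-pw
check_pfx "$WORK/demo.pfx" placeholder-pw c9800-1.example.test
```

Run it against the real .pfx and the controller's DNS name instead of the demo values; a non-zero exit tells you which of the three conditions failed before you touch the trustpoint.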


2 Replies

Wes Schochet
Level 3

Interesting development: The browser lets me connect via IP but not via name. I will try to proceed and restore the certs tomorrow once I get a bit of coffee in me!

