cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
14491
Views
15
Helpful
8
Replies

SSL-Certificates on WLC 5508

Woodcke---
Level 1
Level 1

I'm trying to upload an SSL-certificate(.PEM) to a WLC 5508 via the "Management->HTTP-HTTPS"-Tab, but always get the error messages:

*TransferTask: Mar 30 07:51:20.882: %UPDATE-3-CERT_INST_FAIL: updcode.c:1276 Failed to install Webauth certificate. rc = 1
*TransferTask: Mar 30 07:51:20.882: %SSHPM-3-KEYED_PEM_DECODE_FAILED: sshpmcert.c:4028 Cannot PEM decode private key

any idea how to resolve this problem?

8 Replies 8

Nicolas Darchis
Cisco Employee
Cisco Employee

are you sure that the password is the correct one ?

Yes, the password is entered correctly, double checked that again

(does the ios probably not like special characters as password, such as ! or / ?)

is there a maximum lenght for encryption keys? its 2048 right now

otherwise i did as explained in http://www.cisco.com/en/US/tech/tk722/tk809/technologies_configuration_example09186a00806e367a.shtml
(the .pem is not the root certificate, only a server ca)

edit: ok "Management" tab would have been the wrong attempt in the first place, it seems (actually want to be it a webauth not a webadmin certificate), "Security->web auth->certificate" seems to be the way to go, according to http://www.entrust.net/knowledge-base/technote.cfm?tn=8029 still the same problem though.http://www.entrust.net/knowledge-base/technote.cfm?tn=8029

1 – Your SSL certificate (webserver)

2 - The Entrust cross certificate (L1C)

3 – The Entrust Root certificate (Entrust 2048 root)

are all included in the certificate

Product Version.................................. 7.0.98.0 - so should be able to use chained certificates according to the first link.

Hello

Have you found a solution ?

I experienced the same: https://supportforums.cisco.com/message/3334053#3334053

Regards

Marcin

Here is a step by step blog post for pem certs on webauths i created. I had similar issues ..

http://www.my80211.com/home/2011/1/16/wlcgenerate-third-party-web-authentication-certificate-for-a.html

"Satisfaction does not come from knowing the solution, it comes from knowing why." - Rosalind Franklin
___________________________________________________________

Thanx, I read it earlier, but I don't have to create a new certificate, my issue is that my existing certificate from Thawte works on some WLC but doesn't work on other WLCs.

Solution anyone? I am having the same problem.

The solution for me was to use openssl version 0.9.8x.

Review Cisco Networking for a $25 gift card