Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
14490
Views
15
Helpful
8
Replies

SSL-Certificates on WLC 5508

Woodcke---
Level 1
Level 1

‎03-29-2011 11:30 PM - edited ‎07-03-2021 08:00 PM

I'm trying to upload an SSL-certificate(.PEM) to a WLC 5508 via the "Management->HTTP-HTTPS"-Tab, but always get the error messages:

*TransferTask: Mar 30 07:51:20.882: %UPDATE-3-CERT_INST_FAIL: updcode.c:1276 Failed to install Webauth certificate. rc = 1
*TransferTask: Mar 30 07:51:20.882: %SSHPM-3-KEYED_PEM_DECODE_FAILED: sshpmcert.c:4028 Cannot PEM decode private key

any idea how to resolve this problem?

1 person had this problem
Labels:
0 Helpful
8 Replies 8

Nicolas Darchis
Cisco Employee
Cisco Employee

‎03-30-2011 01:19 AM

are you sure that the password is the correct one ?

0 Helpful

Woodcke---
Level 1
Level 1
In response to Nicolas Darchis

‎03-30-2011 01:33 AM

Yes, the password is entered correctly, double checked that again

(does the ios probably not like special characters as password, such as ! or / ?)

is there a maximum lenght for encryption keys? its 2048 right now

otherwise i did as explained in http://www.cisco.com/en/US/tech/tk722/tk809/technologies_configuration_example09186a00806e367a.shtml
(the .pem is not the root certificate, only a server ca)

edit: ok "Management" tab would have been the wrong attempt in the first place, it seems (actually want to be it a webauth not a webadmin certificate), "Security->web auth->certificate" seems to be the way to go, according to http://www.entrust.net/knowledge-base/technote.cfm?tn=8029 still the same problem though.http://www.entrust.net/knowledge-base/technote.cfm?tn=8029

1 – Your SSL certificate (webserver)

2 - The Entrust cross certificate (L1C)

3 – The Entrust Root certificate (Entrust 2048 root)

are all included in the certificate

Product Version.................................. 7.0.98.0 - so should be able to use chained certificates according to the first link.

0 Helpful

marcin.waliczek
Level 1
Level 1
In response to Woodcke---

‎04-10-2011 02:25 AM

Hello

Have you found a solution ?

I experienced the same: https://supportforums.cisco.com/message/3334053#3334053

Regards

Marcin

0 Helpful

George Stefanick
VIP Alumni
VIP Alumni
In response to marcin.waliczek

‎04-10-2011 07:24 AM

Here is a step by step blog post for pem certs on webauths i created. I had similar issues ..

http://www.my80211.com/home/2011/1/16/wlcgenerate-third-party-web-authentication-certificate-for-a.html

"Satisfaction does not come from knowing the solution, it comes from knowing why." - Rosalind Franklin
___________________________________________________________
0 Helpful

marcin.waliczek
Level 1
Level 1
In response to George Stefanick

‎04-10-2011 07:48 AM

Thanx, I read it earlier, but I don't have to create a new certificate, my issue is that my existing certificate from Thawte works on some WLC but doesn't work on other WLCs.

0 Helpful

Grayson Wells
Level 1
Level 1
In response to marcin.waliczek

‎11-25-2012 02:53 PM

Solution anyone? I am having the same problem.

0 Helpful

Grayson Wells
Level 1
Level 1
In response to Grayson Wells

‎11-25-2012 05:00 PM

The solution for me was to use openssl version 0.9.8x.

Customers Also Viewed These Support Documents
Review Cisco Networking for a $25 gift card