
Webauth Certificate install problem wlc 5508

Hello

I have a problem installing a new webauth certificate on a WLC 5508.

I created a new file as described in this document:

https://www.cisco.com/c/en/us/support/docs/wireless/4400-series-wireless-lan-controllers/109597-csr-chained-certificates-wlc-00.html

From the GUI and from the CLI, when I try to download and install it, I get a success message:

File transfer operation completed successfully. For Certificates to take effect and SSL to work, you need to reboot system. Click Here to get redirected to reboot page. 

After rebooting the controller I still see the old certificate.

When I enabled debug I got the output below, but I still don't know what the cause is or why the new certificate is not installed correctly.

 

*TransferTask: Dec 03 13:33:43.187: Memory overcommit policy changed from 0 to 1

*TransferTask: Dec 03 13:33:43.187: RESULT_STRING: TFTP Webauth cert transfer starting.


TFTP Webauth cert transfer starting.
*TransferTask: Dec 03 13:33:43.187: RESULT_CODE:1

*TransferTask: Dec 03 13:33:47.222: TFTP: Binding to remote=192.168.40.100

*TransferTask: Dec 03 13:33:47.276: TFP End: 12043 bytes transferred (0 retransmitted packets)

*TransferTask: Dec 03 13:33:47.276: tftp rc=0, pHost=192.168.40.100 pFilename=WLAN5508/final_5508.pem
        pLocalFilename=cert.p12

*TransferTask: Dec 03 13:33:47.333: RESULT_STRING: TFTP receive complete... Installing Certificate                                                              .

*TransferTask: Dec 03 13:33:47.333: RESULT_CODE:13


TFTP receive complete... Installing Certificate.
*TransferTask: Dec 03 13:33:51.335: Adding cert (11947 bytes) with certificate key password.

*TransferTask: Dec 03 13:33:51.335: Add WebAuth Cert: Adding certificate & private key using password PASSWORD
*TransferTask: Dec 03 13:33:51.335: Add ID Cert: Adding certificate & private key using password PASSWORD
*TransferTask: Dec 03 13:33:51.336: Add Cert to ID Table: Adding certificate (name: bsnSslWebauthCert) to ID table using password PASSWORD
*TransferTask: Dec 03 13:33:51.336: Add Cert to ID Table: Decoding PEM-encoded Certificate (verify: YES)
*TransferTask: Dec 03 13:33:51.336: Decode & Verify PEM Cert: Cert/Key Length was 0, so taking string length instead
*TransferTask: Dec 03 13:33:51.336: Decode & Verify PEM Cert: Cert/Key Length 11947 & VERIFY
*TransferTask: Dec 03 13:33:51.365: Decode & Verify PEM Cert: X509 Cert Verification return code: 1
*TransferTask: Dec 03 13:33:51.365: Decode & Verify PEM Cert: X509 Cert Verification result text: ok
*TransferTask: Dec 03 13:33:51.367: Add Cert to ID Table: Decoding PEM-encoded Private Key using password PASSWORD
*TransferTask: Dec 03 13:33:51.369: Add Cert to ID Table: Adding cert & key to ID cert table; current/max: 5/8
*TransferTask: Dec 03 13:33:51.369: sshpmGetIdCertIndex: called to lookup cert >bsnSslWebauthCert<

*TransferTask: Dec 03 13:33:51.370: sshpmGetIdCertIndex: found match in row 4

*TransferTask: Dec 03 13:33:51.370: Add Cert to ID Table: Deleting bsnSslWebauthCert (row 4) from ID cert table
*TransferTask: Dec 03 13:33:51.370: Free Row in ID Table: Freeing OpenSSL cert (X509 fn: 0x2ac498c8 | DER fn: 0x2ab7e3c8) from ID cert table (row 4)
*TransferTask: Dec 03 13:33:51.370: Free Row in ID Table: Freeing OpenSSL key (EVP_PKEY fn: 0x2ac32030 | DER fn: 0x2ab7e3c8) from ID cert table (row 4)
*TransferTask: Dec 03 13:33:51.371: Add Cert to ID Table: Adding new bsnSslWebauthCert cert & key to row 4 of ID cert table
*TransferTask: Dec 03 13:33:51.371: Add ID Cert: Writing DER-encoded ID cert to file /mnt/application/bsnSslWebauthCert.crt
*TransferTask: Dec 03 13:33:51.371: sshpmWriteCredentialFile: called to write </mnt/application/bsnSslWebauthCert.crt>; certptr 0x2c49c8f0, length 1533

*TransferTask: Dec 03 13:33:51.372: Add ID Cert: Writing DER-encoded ID private key to file /mnt/application/bsnSslWebauthCert.prv
*TransferTask: Dec 03 13:33:51.372: sshpmWriteCredentialFile: called to write </mnt/application/bsnSslWebauthCert.prv>; certptr 0x2c49d124, length 1192

*TransferTask: Dec 03 13:33:51.373: Add ID Cert: Unlinking previously created ID PEM-encoded PKCS12 file webauth_p12.pem
*TransferTask: Dec 03 13:33:51.374: Add ID Cert: Created PEM-encoded ID PKCS12 file webauth_p12.pem
*TransferTask: Dec 03 13:33:51.374: RESULT_STRING: Certificate installed.
             Reboot the switch to use new certificate.


*TransferTask: Dec 03 13:33:51.374: RESULT_CODE:11

*TransferTask: Dec 03 13:33:51.376: Memory overcommit policy restored from 1 to 0


Certificate installed.
                        Reboot the switch to use new certificate.


(Cisco Controller) >

 


Glad that worked for you. I also think that two intermediate CAs are the max for controller certificates.
-Scott