Re: WLC SSL webadmin cert install error Help - Page 3

studmuffin · ‎01-21-2022

What do i need to do to solve this error Error in Screen shot

studmuffin · ‎01-24-2022

It does not work becuase it does not work in chrome or any modern browser becuase there are no Subject alternate names

studmuffin · ‎01-24-2022

Read that

Scott Fella · ‎01-24-2022

Okay... well then use openssl. I don't know what else to tell you. The reason the controller has an error when you upload the certificate is because it doesn't like how you put that together. From my experience, when I have used other tools to generate the CSR and entered other data, the cert failed to upload. So use openssl and the SAN and thats it and see what happens.

-Scott
*** Please rate helpful posts ***

studmuffin · ‎01-24-2022

Is it the way that I actually assembled it or is it something wrong with one of the certificates itself

Do you know how i would do the sans in open ssl becauase i dont understand how to do that

Scott Fella · ‎01-24-2022

It can be a combination of both. If the CSR was generated improperly, that can cause an error. If the final pem file does not have the correct information and properly bundled, that also can cause an error.

Download OpenSSL and give that a try. The directions are pretty simple to follow. This way your CSR is accurate, which eliminates that piece.

Generate CSR for Third-Party Certificates and Download Chained Certificates to the WLC - Cisco

-Scott
*** Please rate helpful posts ***

studmuffin · ‎01-24-2022

I just tried that and still same error code 12

I wish i knew what that error code was for

Scott Fella · ‎01-24-2022

Here is something to try. Use the WLC to generate the CSR and then get the certificate and try to bundle that in a pem. If that fails, then you know its how you are putting the pem together. If that works, then you know you are bundling the file properly and its the generation of the CSR that is the issue.

-Scott
*** Please rate helpful posts ***

studmuffin · ‎01-24-2022

Not a bad Idea i will try that tomorrow

Scott Fella · ‎01-24-2022

Let use know... keep in mind, when you bundle the cert into a pem, it shouldn't look like what you posted before, should be simple. If you have multiple intermediates, then that would have to be in the correct order. Keep this in mind also:

Level 2 - Use of a server certificate on the WLC, one single CA intermediate certificate, and a CA root certificate

------BEGIN CERTIFICATE------
*Device cert*
------END CERTIFICATE------
------BEGIN CERTIFICATE------
*Intermediate CA cert *
------END CERTIFICATE--------
------BEGIN CERTIFICATE------
*Root CA cert *
------END CERTIFICATE------

Level 3 - Use of a server certificate on the WLC, two CA intermediate certificates, and a CA root certificate

------BEGIN CERTIFICATE------
*Device cert*
------END CERTIFICATE------
------BEGIN CERTIFICATE------
*Intermediate CA cert *
------END CERTIFICATE--------

------BEGIN CERTIFICATE------
*Intermediate CA cert *
------END CERTIFICATE--------
------BEGIN CERTIFICATE------
*Root CA cert *
------END CERTIFICATE------

-Scott
*** Please rate helpful posts ***