• Status: Solved

Importing an SSL certificate into WLAN Controller

I followed the recommended steps for generating a CSR for our WLC 4400, got all needed certs and combined them into the single chained cert, but when I try to import the cert into the controller I get an error installing certificate. Please find the debug information below:
(Cisco Controller) >transfer download start                    

Mode............................................. TFTP  
Data Type........................................ Site Cert    
TFTP Server IP................................... 172.20.32.15
TFTP Packet Timeout.............................. 6
TFTP Max Retries................................. 10
TFTP Path........................................ /
TFTP Filename.................................... final-cert.pem

This may take some time.
Are you sure you want to start? (y/N) y
*TransferTask: May 13 18:19:15.445: Memory overcommit policy restored from 1 to 0

*TransferTask: May 13 18:21:13.219: Memory overcommit policy changed from 0 to 1

*TransferTask: May 13 18:21:13.368: RESULT_STRING: TFTP Webauth cert transfer starting.

*TransferTask: May 13 18:21:13.369: RESULT_CODE:1


TFTP Webauth cert transfer starting.
*emWeb: May 13 18:21:16.220: Still waiting!  Status = 2

*TransferTask: May 13 18:21:17.377: Locking tftp semaphore, pHost=172.20.32.15 pFilename=/final-cert.pem

*TransferTask: May 13 18:21:17.377: Semaphore locked, now unlocking, pHost=172.20.32.15 pFilename=/final-cert.pem

*TransferTask: May 13 18:21:17.377: Semaphore successfully unlocked, pHost=172.20.32.15 pFilename=/final-cert.pem

*TransferTask: May 13 18:21:17.378: TFTP: Binding to local=0.0.0.0 remote=172.20.32.15

*TransferTask: May 13 18:21:17.439: TFP End: 8632 bytes transferred (0 retransmitted packets)

*TransferTask: May 13 18:21:17.441: tftp rc=0, pHost=172.20.32.15 pFilename=/final-cert.pem
                                                                                                pLocalFilename=cert.p12

*TransferTask: May 13 18:21:17.441: RESULT_STRING: TFTP receive complete... Installing Certificate.


TFTP receive complete... Installing Certificate.
*TransferTask: May 13 18:21:17.441: RESULT_CODE:13

*emWeb: May 13 18:21:19.219: Still waiting!  Status = 2

*TransferTask: May 13 18:21:21.442: Adding cert (8564 bytes) with certificate key password.

*TransferTask: May 13 18:21:21.451: RESULT_STRING: Error installing certificate.


*TransferTask: May 13 18:21:21.451: RESULT_CODE:12

*TransferTask: May 13 18:21:21.452: ummounting: <umount /mnt/download/ >/dev/null 2>&1>  cwd  = /mnt/application

*TransferTask: May 13 18:21:21.495: finished umounting

*TransferTask: May 13 18:21:21.544: Memory overcommit policy restored from 1 to 0


Error installing certificate.
Asked:
operationsbze
1 Solution
 
rauenpc Commented:
What version of OpenSSL did you use? I ran into an issue like this a month ago and it was because I was using a newer version of OpenSSL. According to TAC, only 0.9.8 is supported to create the certificate. Using 1.0+ for some reason doesn't work even though all the steps complete successfully when creating the cert. The TAC engineer went on to say that Cisco has submitted a bug report to OpenSSL, but at the moment there was no fix or estimated time for a fix.

If this is an OpenSSL version issue, you can use all the same files and just do the last couple steps to create the final cert.
Craig Beck Commented:
rauenpc is correct, OpenSSL version 0.9.8 is the only version which will generate the correct cert credentials.  It has been this way for some time!

I suspect it is a chaining issue.  This is worth noting...

https://supportforums.cisco.com/docs/DOC-16220

Also, this may help...

https://supportforums.cisco.com/thread/2114923


I'm assuming you're installing a cert for WebAuth?
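
Added example, not part of the original thread or Cisco's tooling: a small Python triage of the debug output posted in the question, separating the TFTP stage from the certificate install stage. The sample lines are copied from that output; pairing each RESULT_STRING with the RESULT_CODE that follows it is an assumption based on the order seen in this log, and the function name triage is hypothetical.

```python
import re

# Lines copied from the debug output in the question (blank lines dropped).
SAMPLE = """\
*TransferTask: May 13 18:21:13.368: RESULT_STRING: TFTP Webauth cert transfer starting.
*TransferTask: May 13 18:21:13.369: RESULT_CODE:1
*TransferTask: May 13 18:21:17.439: TFP End: 8632 bytes transferred (0 retransmitted packets)
*TransferTask: May 13 18:21:17.441: tftp rc=0, pHost=172.20.32.15 pFilename=/final-cert.pem
*TransferTask: May 13 18:21:17.441: RESULT_STRING: TFTP receive complete... Installing Certificate.
*TransferTask: May 13 18:21:17.441: RESULT_CODE:13
*TransferTask: May 13 18:21:21.442: Adding cert (8564 bytes) with certificate key password.
*TransferTask: May 13 18:21:21.451: RESULT_STRING: Error installing certificate.
*TransferTask: May 13 18:21:21.451: RESULT_CODE:12
"""

LINE = re.compile(r"^\*(\w+): (\w{3} +\d+ [\d:.]+): (.*)$")

def triage(text):
    """Summarise a WLC 'transfer download' debug log by stage."""
    r = {"bytes": None, "tftp_rc": None, "cert_bytes": None, "results": []}
    pending = None  # assumption: RESULT_STRING precedes its RESULT_CODE
    for raw in text.splitlines():
        m = LINE.match(raw.strip())
        if not m or m.group(1) != "TransferTask":
            continue  # skip emWeb polling lines and console echo
        msg = m.group(3)
        if x := re.search(r"(\d+) bytes transferred", msg):
            r["bytes"] = int(x.group(1))
        elif x := re.search(r"tftp rc=(-?\d+)", msg):
            r["tftp_rc"] = int(x.group(1))
        elif x := re.search(r"Adding cert \((\d+) bytes\)", msg):
            r["cert_bytes"] = int(x.group(1))
        elif msg.startswith("RESULT_STRING:"):
            pending = msg.split(":", 1)[1].strip()
        elif x := re.match(r"RESULT_CODE:(\d+)", msg):
            r["results"].append((int(x.group(1)), pending))
            pending = None
    errors = [s for _, s in r["results"] if s and "error" in s.lower()]
    if r["tftp_rc"] is None:
        r["verdict"] = "no transfer result logged"
    elif r["tftp_rc"] != 0:
        r["verdict"] = "transfer failed"
    elif errors:
        r["verdict"] = "transfer ok, install rejected the file"
    else:
        r["verdict"] = "no error reported"
    return r

if __name__ == "__main__":
    print(triage(SAMPLE))
```

On the posted log this reports a clean transfer (rc=0, 8632 bytes) followed by an install error, which points at the contents of final-cert.pem rather than the TFTP path.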