Solved

importing an ssl certificate into WLAN Controller

Posted on 2013-05-14
2
2,314 Views
Last Modified: 2013-08-12
I followed the recommended steps for generating a CSR for our WLC 4400, got all needed certs and combined them into the single chained cert but when i try to import the cert into the controller i get an error installing certificate.  please find the debug information below:
(Cisco Controller) >transfer download start                    

Mode............................................. TFTP  
Data Type........................................ Site Cert    
TFTP Server IP................................... 172.20.32.15
TFTP Packet Timeout.............................. 6
TFTP Max Retries................................. 10
TFTP Path........................................ /
TFTP Filename.................................... final-cert.pem

This may take some time.
Are you sure you want to start? (y/N) y
*TransferTask: May 13 18:19:15.445: Memory overcommit policy restored from 1 to 0

*TransferTask: May 13 18:21:13.219: Memory overcommit policy changed from 0 to 1

*TransferTask: May 13 18:21:13.368: RESULT_STRING: TFTP Webauth cert transfer starting.

*TransferTask: May 13 18:21:13.369: RESULT_CODE:1


TFTP Webauth cert transfer starting.
*emWeb: May 13 18:21:16.220: Still waiting!  Status = 2

*TransferTask: May 13 18:21:17.377: Locking tftp semaphore, pHost=172.20.32.15 pFilename=/final-cert.pem

*TransferTask: May 13 18:21:17.377: Semaphore locked, now unlocking, pHost=172.20.32.15 pFilename=/final-cert.pem

*TransferTask: May 13 18:21:17.377: Semaphore successfully unlocked, pHost=172.20.32.15 pFilename=/final-cert.pem

*TransferTask: May 13 18:21:17.378: TFTP: Binding to local=0.0.0.0 remote=172.20.32.15

*TransferTask: May 13 18:21:17.439: TFP End: 8632 bytes transferred (0 retransmitted packets)

*TransferTask: May 13 18:21:17.441: tftp rc=0, pHost=172.20.32.15 pFilename=/final-cert.pem
                                                                                                pLocalFilename=cert.p12

*TransferTask: May 13 18:21:17.441: RESULT_STRING: TFTP receive complete... Installing Certificate.


TFTP receive complete... Installing Certificate.
*TransferTask: May 13 18:21:17.441: RESULT_CODE:13

*emWeb: May 13 18:21:19.219: Still waiting!  Status = 2

*TransferTask: May 13 18:21:21.442: Adding cert (8564 bytes) with certificate key password.

*TransferTask: May 13 18:21:21.451: RESULT_STRING: Error installing certificate.


*TransferTask: May 13 18:21:21.451: RESULT_CODE:12

*TransferTask: May 13 18:21:21.452: ummounting: <umount /mnt/download/ >/dev/null 2>&1>  cwd  = /mnt/application

*TransferTask: May 13 18:21:21.495: finished umounting

*TransferTask: May 13 18:21:21.544: Memory overcommit policy restored from 1 to 0


Error installing certificate.
0
Comment
Question by:operationsbze
2 Comments
 
LVL 20

Accepted Solution

by:
rauenpc earned 500 total points
ID: 39165109
What version of OpenSSL did you use? I ran into an issue like this a month ago and it was because I was using a newer version of OpenSSL. According to TAC, only 0.9.8 is supported to created the certificate. Using 1.0+ for some reason doesn't work even though all the steps complete successfully when creating the cert. The TAC engineer went on to say that Cisco has submitted a bug report to OpenSSL, but at the moment there was no fix or estimated time for a fix.

If this is an OpenSSL version issue, you can use all the same files and just do the last couple steps to create the final cert.
0
 
LVL 45

Expert Comment

by:Craig Beck
ID: 39177605
rauenpc is correct, OpenSSL version 0.9.8 is the only version which will generate the correct cert credentials.  It has been this way for some time!

I suspect it is a chaining issue.  This is worth noting...

https://supportforums.cisco.com/docs/DOC-16220

Also, this may help...

https://supportforums.cisco.com/thread/2114923


I'm assuming you're installing a cert for WebAuth?
0

Featured Post

Windows Server 2016: All you need to know

Learn about Hyper-V features that increase functionality and usability of Microsoft Windows Server 2016. Also, throughout this eBook, you’ll find some basic PowerShell examples that will help you leverage the scripts in your environments!

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Article by: btan
Provide an easy one stop to quickly get the relevant information on common asked question on Ransomware in Expert Exchange.
As a financial services provider, your business is impacted by two of the strictest federal regulations on record: the Sarbanes-Oxley Act and the Gramm-Leach-Bliley Act. Correctly implementing faxing into your organization to provide secure, real-ti…
With Secure Portal Encryption, the recipient is sent a link to their email address directing them to the email laundry delivery page. From there, the recipient will be required to enter a user name and password to enter the page. Once the recipient …
With Secure Portal Encryption, the recipient is sent a link to their email address directing them to the email laundry delivery page. From there, the recipient will be required to enter a user name and password to enter the page. Once the recipient …

895 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

18 Experts available now in Live!

Get 1:1 Help Now