Solved

importing an ssl certificate into WLAN Controller

Posted on 2013-05-14
Last Modified: 2013-08-12
I followed the recommended steps for generating a CSR for our WLC 4400, got all needed certs and combined them into the single chained cert, but when I try to import the cert into the controller I get an error installing certificate. Please find the debug information below:
(Cisco Controller) >transfer download start                    

Mode............................................. TFTP  
Data Type........................................ Site Cert    
TFTP Server IP................................... 172.20.32.15
TFTP Packet Timeout.............................. 6
TFTP Max Retries................................. 10
TFTP Path........................................ /
TFTP Filename.................................... final-cert.pem

This may take some time.
Are you sure you want to start? (y/N) y
*TransferTask: May 13 18:19:15.445: Memory overcommit policy restored from 1 to 0

*TransferTask: May 13 18:21:13.219: Memory overcommit policy changed from 0 to 1

*TransferTask: May 13 18:21:13.368: RESULT_STRING: TFTP Webauth cert transfer starting.

*TransferTask: May 13 18:21:13.369: RESULT_CODE:1


TFTP Webauth cert transfer starting.
*emWeb: May 13 18:21:16.220: Still waiting!  Status = 2

*TransferTask: May 13 18:21:17.377: Locking tftp semaphore, pHost=172.20.32.15 pFilename=/final-cert.pem

*TransferTask: May 13 18:21:17.377: Semaphore locked, now unlocking, pHost=172.20.32.15 pFilename=/final-cert.pem

*TransferTask: May 13 18:21:17.377: Semaphore successfully unlocked, pHost=172.20.32.15 pFilename=/final-cert.pem

*TransferTask: May 13 18:21:17.378: TFTP: Binding to local=0.0.0.0 remote=172.20.32.15

*TransferTask: May 13 18:21:17.439: TFP End: 8632 bytes transferred (0 retransmitted packets)

*TransferTask: May 13 18:21:17.441: tftp rc=0, pHost=172.20.32.15 pFilename=/final-cert.pem
                                                                                                pLocalFilename=cert.p12

*TransferTask: May 13 18:21:17.441: RESULT_STRING: TFTP receive complete... Installing Certificate.


TFTP receive complete... Installing Certificate.
*TransferTask: May 13 18:21:17.441: RESULT_CODE:13

*emWeb: May 13 18:21:19.219: Still waiting!  Status = 2

*TransferTask: May 13 18:21:21.442: Adding cert (8564 bytes) with certificate key password.

*TransferTask: May 13 18:21:21.451: RESULT_STRING: Error installing certificate.


*TransferTask: May 13 18:21:21.451: RESULT_CODE:12

*TransferTask: May 13 18:21:21.452: ummounting: <umount /mnt/download/ >/dev/null 2>&1>  cwd  = /mnt/application

*TransferTask: May 13 18:21:21.495: finished umounting

*TransferTask: May 13 18:21:21.544: Memory overcommit policy restored from 1 to 0


Error installing certificate.
Question by:operationsbze
2 Comments
Accepted Solution

by:
rauenpc earned 500 total points
ID: 39165109
What version of OpenSSL did you use? I ran into an issue like this a month ago and it was because I was using a newer version of OpenSSL. According to TAC, only 0.9.8 is supported to create the certificate. Using 1.0+ for some reason doesn't work even though all the steps complete successfully when creating the cert. The TAC engineer went on to say that Cisco has submitted a bug report to OpenSSL, but at the moment there was no fix or estimated time for a fix.

If this is an OpenSSL version issue, you can use all the same files and just do the last couple steps to create the final cert.
Expert Comment

by:Craig Beck
ID: 39177605
rauenpc is correct, OpenSSL version 0.9.8 is the only version which will generate the correct cert credentials.  It has been this way for some time!

I suspect it is a chaining issue.  This is worth noting...

https://supportforums.cisco.com/docs/DOC-16220

Also, this may help...

https://supportforums.cisco.com/thread/2114923


I'm assuming you're installing a cert for WebAuth?
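
A way to test the chaining suspicion raised in the thread offline, before another TFTP attempt, as an added example (not code from the thread or from Cisco). It assumes the bundle should list certificates from the device certificate upward and carry exactly one private key block; the function names are hypothetical and the sample certificates are constructed, unsigned stand-ins.

```python
import base64, re
PEM = re.compile(r"-----BEGIN ([A-Z0-9 ]+)-----(.*?)-----END \1-----", re.S)

def tlv(buf, pos):
    """Read one DER element at pos; return (tag, value_start, value_end)."""
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:                        # long form: low bits count length bytes
        n = length & 0x7F
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    return tag, pos, pos + length

def issuer_subject(der):
    """Return the raw DER issuer and subject Names of one X.509 certificate."""
    _, pos, _ = tlv(der, 0)                  # Certificate SEQUENCE
    _, pos, end = tlv(der, pos)              # tbsCertificate SEQUENCE
    fields = []
    while pos < end:
        tag, _, nxt = tlv(der, pos)
        fields.append((tag, der[pos:nxt]))
        pos = nxt
    skip = fields[0][0] == 0xA0              # optional [0] version present?
    return fields[2 + skip][1], fields[4 + skip][1]   # issuer, subject

def check_bundle(pem_text):
    """List problems in a chained PEM bundle (assumed order: device cert first)."""
    blocks = PEM.findall(pem_text)
    names = [issuer_subject(base64.b64decode(body)) for label, body in blocks if label == "CERTIFICATE"]
    keys = sum(label.endswith("PRIVATE KEY") for label, _ in blocks)
    problems = [] if names else ["no CERTIFICATE blocks"]
    if keys != 1:                            # assumption: bundle carries exactly one key
        problems.append(f"expected 1 private key block, found {keys}")
    for i in range(len(names) - 1):          # byte-exact Name comparison, no signature check
        if names[i][0] != names[i + 1][1]:
            problems.append(f"cert {i + 1} is not issued by cert {i + 2}")
    return problems

# Constructed sample data: unsigned, structure-only stand-ins for real certificates.
def enc(tag, *parts):                        # short-form DER lengths only (< 128 bytes)
    return bytes([tag, sum(map(len, parts))]) + b"".join(parts)
def fake_cert(subject, issuer):
    name = lambda cn: enc(0x30, enc(0x31, enc(0x30, enc(6, b"U\x04\x03"), enc(12, cn.encode()))))
    tbs = enc(0x30, enc(0xA0, enc(2, b"\x02")), enc(2, b"\x01"), enc(0x30),
              name(issuer), enc(0x30), name(subject))
    b64 = base64.b64encode(enc(0x30, tbs, enc(0x30), enc(3, b"\x00"))).decode()
    return f"-----BEGIN CERTIFICATE-----\n{b64}\n-----END CERTIFICATE-----\n"
KEY = "-----BEGIN ENCRYPTED PRIVATE KEY-----\nAAAA\n-----END ENCRYPTED PRIVATE KEY-----\n"
LEAF, INTER, ROOT = (fake_cert(s, i) for s, i in [("wlc.example.test", "Issuing CA"),
                     ("Issuing CA", "Root CA"), ("Root CA", "Root CA")])
GOOD, BAD = LEAF + INTER + ROOT + KEY, LEAF + ROOT + INTER + KEY   # BAD: CA certs swapped
```

Calling `check_bundle(open("final-cert.pem").read())` on the real file returns an empty list when the order and key count match these assumptions; it does not verify signatures or the key password.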