Cisco Cisco Wireless LAN Controller Module Technical Manual

Self-Signed Certificate Manual Addition to the Controller for LWAPP-Converted APs
Document ID: 70341
Contents
Introduction
 Prerequisites
      Requirements
      Components Used
      Conventions
 Background Information
 Locate the SHA1 Key Hash
 Add the SSC to the WLC
      Task
      GUI Configuration
      CLI Configuration
 Verify
 Troubleshoot
 Related Information
Introduction
This document explains the methods that you can use in order to manually add self-signed certificates (SSCs)
to a Cisco Wireless LAN (WLAN) Controller (WLC).
The SSC of an access point (AP) should exist on all WLCs in the network to which the AP has permission to
register. As a general rule, apply the SSC to all WLCs in the same mobility group. When addition of the SSC
to the WLC does not occur through the upgrade utility, you must manually add the SSC to the WLC with use
of the procedure in this document. You also need this procedure when an AP is moved to a different network
or when additional WLCs are added to the existing network.
You can recognize this problem when a Lightweight AP Protocol (LWAPP)-converted AP does not associate
to the WLC. When you troubleshoot the association problem, these debug commands produce the following
output:
• When you issue the debug pm pki enable command, you see:
(Cisco Controller) >debug pm pki enable
Thu Jan 26 20:22:50 2006: sshpmGetIssuerHandles: locking ca cert table
Thu Jan 26 20:22:50 2006: sshpmGetIssuerHandles: calling x509_alloc() for user cert
Thu Jan 26 20:22:50 2006: sshpmGetIssuerHandles: calling x509_decode()
Thu Jan 26 20:22:50 2006: sshpmGetIssuerHandles: <subject> L=San Jose, ST=California, C=US, O=Cisco Systems, MAILTO=support@cisco.com, CN=C1130-00146a1b3744
Thu Jan 26 20:22:50 2006: sshpmGetIssuerHandles: <issuer>  L=San Jose, ST=California, C=US, O=Cisco Systems, MAILTO=support@cisco.com, CN=C1130-00146a1b3744
Thu Jan 26 20:22:50 2006: sshpmGetIssuerHandles: Mac Address in subject is 00:XX:XX:XX:XX
Thu Jan 26 20:22:50 2006: sshpmGetIssuerHandles: Cert is issued by Cisco Systems.
Thu Jan 26 20:22:50 2006: sshpmGetIssuerHandles: SSC is not allowed by config; bailing...
Thu Jan 26 20:22:50 2006: sshpmFreePublicKeyHandle: called with (nil)
Thu Jan 26 20:22:50 2006: sshpmFreePublicKeyHandle: NULL argument.
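The check described above, as an added example that is not part of the original Cisco document: a Python script, run off the controller against saved debug pm pki output, that reports each certificate refused with "SSC is not allowed by config", whether its subject and issuer match, and the AP MAC taken from the subject CN. The function names and the CN layout (AP model, hyphen, 12 hex digit MAC) are assumptions based on the output shown here; the sample text is constructed from that output.

```python
import re

# Constructed sample: this page's debug pm pki output, terminal line wraps kept.
SAMPLE = """\
Thu Jan 26 20:22:50 2006: sshpmGetIssuerHandles: calling x509_decode()
Thu Jan 26 20:22:50 2006: sshpmGetIssuerHandles: <subject> L=San Jose, ST=
California, C=US, O=Cisco Systems, MAILTO=support@cisco.com, CN=C1130-00146a1b3744
Thu Jan 26 20:22:50 2006: sshpmGetIssuerHandles: <issuer>  L=San Jose, ST=
California, C=US, O=Cisco Systems, MAILTO=support@cisco.com, CN=C1130-00146a1b3744
Thu Jan 26 20:22:50 2006: sshpmGetIssuerHandles: Cert is issued by Cisco Systems.
Thu Jan 26 20:22:50 2006: sshpmGetIssuerHandles: SSC is not allowed by config;
bailing...
Thu Jan 26 20:22:50 2006: sshpmFreePublicKeyHandle: called with (nil)
"""

LINE = re.compile(r"^(\w{3} \w{3} +\d{1,2} \d\d:\d\d:\d\d \d{4}): (\w+): (.*)$")
DN = re.compile(r"^<(subject|issuer)>\s+(.*)$")
# Assumption: the SSC common name is <AP model>-<12 hex digit MAC>, as in the sample.
CN = re.compile(r"CN=([^,\s-]+-([0-9A-Fa-f]{12}))\b")

def normalize(text):
    """Rejoin wrapped lines; map U+2212 (seen in document copies) back to '-'."""
    out = []
    for raw in text.replace("\u2212", "-").splitlines():
        if LINE.match(raw) or not out:
            out.append(raw)
        else:
            out[-1] += raw.lstrip()  # continuation of the previous log line
    return out

def rejected_sscs(text):
    """Return one record per certificate the WLC refused as a disallowed SSC."""
    dn, found = {}, []
    for m in filter(None, map(LINE.match, normalize(text))):
        ts, _func, msg = m.groups()
        d = DN.match(msg)
        if d:
            dn[d[1]] = d[2].strip()  # remember the latest subject / issuer DN
        elif "SSC is not allowed by config" in msg:
            cn = CN.search(dn.get("subject", ""))
            mac = cn[2].lower() if cn else None
            found.append({
                "time": ts,
                "ap_cn": cn[1] if cn else None,
                "ap_mac": ":".join(mac[i:i + 2] for i in range(0, 12, 2)) if mac else None,
                "self_signed": "subject" in dn and dn["subject"] == dn.get("issuer"),
            })
            dn = {}  # start fresh for the next certificate in the log
    return found
```

Calling rejected_sscs(SAMPLE) returns one record per refused AP, which gives the list of APs whose SSC still has to be added to the WLC.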
• When you issue the debug lwapp events enable command, you see: