Can't install a chained SSL WebAuth certificate on Cisco WLC

Question

I have a trouble with installing StartCom's SSL certificate for WebAuth on a Cisco WLC 2504 controller. It has 7.2.103.0 software version.

I have done all the steps that are described in Cisco's guide, but it says 'Error installing certificate'.Yes, I'm sure, that the order of certs is right (device, intermediate, root). Yes, I have a valid key for this certificate. I used OpenSSL version 0.9.8, downloaded from Sourceforge as Cisco suggested. Nothing helps. I've provided the logs of TFTP transaction below.

Mode............................................. TFTP
Data Type........................................ Site Cert
TFTP Server IP................................... 172.16.10.5
TFTP Packet Timeout.............................. 6
TFTP Max Retries................................. 10
TFTP Path........................................ /
TFTP Filename.................................... wlc.pem

This may take some time.
Are you sure you want to start? (y/N) y
*TransferTask: Oct 13 23:08:29.319: Memory overcommit policy changed from 0 to 1
*TransferTask: Oct 13 23:08:29.647: Delete ramdisk for ap bundle
*TransferTask: Oct 13 23:08:29.897: RESULT_STRING: TFTP Webauth cert transfer starting.
*TransferTask: Oct 13 23:08:29.898: RESULT_CODE:1

TFTP Webauth cert transfer starting.
*emWeb: Oct 13 23:08:32.318: Still waiting!  Status = 2
*TransferTask: Oct 13 23:08:33.906: Locking tftp semaphore, pHost=172.16.10.5 pFilename=/wlc.pem
*TransferTask: Oct 13 23:08:33.907: Semaphore locked, now unlocking, pHost=172.16.10.5 pFilename=/wlc.pem
*TransferTask: Oct 13 23:08:33.907: Semaphore successfully unlocked, pHost=172.16.10.5 pFilename=/wlc.pem
*TransferTask: Oct 13 23:08:33.908: TFTP: Binding to remote=172.16.10.5
*TransferTask: Oct 13 23:08:33.950: TFP End: 10021 bytes transferred (0 retransmitted packets)
*TransferTask: Oct 13 23:08:33.951: tftp rc=0, pHost=172.16.10.5 pFilename=/wlc.pem pLocalFilename=cert.p12

*TransferTask: Oct 13 23:08:33.951: RESULT_STRING: TFTP receive complete... Installing Certificate.

TFTP receive complete... Installing Certificate.
*TransferTask: Oct 13 23:08:33.951: RESULT_CODE:13
*emWeb: Oct 13 23:08:35.317: Still waiting!  Status = 2
*TransferTask: Oct 13 23:08:37.953: Adding cert (9941 bytes) with certificate key password.
*emWeb: Oct 13 23:08:38.317: Still waiting!  Status = 1
*emWeb: Oct 13 23:08:41.317: Still waiting!  Status = 1
*TransferTask: Oct 13 23:08:42.540: RESULT_STRING: Error installing certificate.
*TransferTask: Oct 13 23:08:42.540: RESULT_CODE:12

*TransferTask: Oct 13 23:08:42.541: ummounting: <umount /mnt/download/ >/dev/null 2>&1>  cwd  = /mnt/application
*TransferTask: Oct 13 23:08:42.622: finished umounting
*TransferTask: Oct 13 23:08:43.031: Create ramdisk for ap bundle
Error installing certificate.

It's important to say that I've did the same steps and sent the same PEM file on another WLAN controller (with 7.0.240.0 SW version) and it worked fine. So there's nothing wrong with file itself. How to fix this issue? Any ideas?

score 0 · Accepted Answer · answered May 26 '17 at 12:26

0

The problem has been solved by using older version of OpenSSL. You need OpenSSL version 0.9.8h to build the cert chain that is accepted by Cisco WLC with SW version 7.0.x

answered May 26 '17 at 12:26

namikiri

11
6

Can't install a chained SSL WebAuth certificate on Cisco WLC

1 Answers1