Problem uploading SSL certificate on a WLC 5508

Hello,
I'm trying to upload an SSL-certificate (RSA:2048) on a WLC 5508 via the "Management->HTTP-HTTPS" tab and get the following problem:
*TransferTask: Jul 18 16:36:14.487: %UPDATE-3-CERT_INST_FAIL: updcode.c:1276 Failed to install Webauth certificate. rc = 1
*TransferTask: Jul 18 16:36:14.487: %SSHPM-3-KEYED_PEM_DECODE_FAILED: sshpmcert.c:4028 Cannot PEM decode private key
I've generated it using the following commands:
# openssl pkcs12 -export -in my.crt -inkey my.key -certfile my.ca-bundle -out CA.pfx
# openssl pkcs12 -in CA.pfx -nodes -out CA.pem
But it doesn't work...
Does anyone have an idea?
Best regards,
Eric

Hello Eric,
I'm facing the same problem when trying to upload a chained SSL certificate (2048 bits) to the WLC version 7.0.116.0.
Did you use an unchained certificate and what size is your cert?
According to a Cisco document, for controllers version 5.1.151.0 and later, only unchained certificates are supported for the management certificate.
I'm just wondering, if this limitation still applies to the newer versions.
Regards,
Oliver

Similar Messages

  • Getting error "Problem with SSL Certificate" but I'm connecting to my private server without SSL

    I wanted to create a PDF from a subtree at a website. The first problem was that Acrobat Pro (11.0.7) wouldn't spider it (probably because there was a robot.txt file there) so I had to use SiteSucker to pull the pages down to my Mac.
    Then I discovered that Acrobat Pro can't handle file:/// URLs so that was no good either
    So then I copied all the pages to a folder on my Linux server where I use a non-standard port (86) for http connection as a minor security precaution.
    When I tried to access that from Acrobat Pro, it bitched about a problem with SSL Certificate but gave me no option to do anything about it. More relevantly, all the files were accessible using http protocol, not https so there shouldn't have been any need to deal with SSL certificates at all
    I had to temporarily enable port 80 on my apache server at which point it's now pulling all the files in and hopefully converting them.
    A) We're at version 11 ---- these kinds of issues should have been fixed years ago
    B) While you're at it, fix the stupid UI issue where the download dialog disappears completely if Acrobat Pro doesn't have the focus. On a long download, I'd like to be able to see progress while working on other stuff. Acrobat Pro is not the center of the universe!

    Interesting point 2, I am working on a Mac plugin at the moment. It does not hide its dialogs when switching to a different app. I consider this a bug and will fix it so the dialog disappears. I hadn't considered the question of progress but there is a very strong reason to do this on the Mac.
    My tests seem to show that
    (a) to get a dialog to sit above PDF documents all the time, it must be on a higher "level".
    (b) if a dialog is at a higher level, this is a global setting.
    So, if the dialog is not hidden when switching all, it will typically sit on top of the other app's document windows. This would not be popular, as the end user, unless they have mountains of screen space and choose to use it that way, must either close or move the dialog when switching app, then bring the dialog back.  So, because Acrobat Pro is not the centre of the universe, it will hide dialogs (or rather, the Mac will, as it's a standard option when creating a window).

  • Unable to upload/download the configuration in WLC 5508

    Dear Friends,
    I have an issue upgrading firmware or downloading code from a WLC 5508, version 7.0. I did the same image upload with other devices through the CLI from my notebook and it works fine.
    Every time I try to upload/download the image, it gives the error.
    Has anyone faced the issues, is there any workaround ?
    Regards,
    SID

    I believe that is just how Cisco designed it:). I believe in earlier versions this worked.
    I don't like it now because I can't download the config on a WLC of the AP I'm on. The enable management via wireless is totally different... As you know, you can manage it.... Sort of:)
    Thanks,
    Scott Fella
    Sent from my iPhone

  • Problems installing SSL certificates for more than one alias on iMS 5.2

    I have a problem getting encryption on IMAP/HTTP/SMTP when they are on the same server. I only get one SSL certificate installed by the Netscape console wizard, and therefore only one alias.
    Let's say I have 3 aliases to the same server just for scalability: imap.vxu.se, smtp.vxu.se and mail.vxu.se for http (https). Then I can only have one certificate installed at a time, for example https://mail.vxu.se. For the others, like (S)IMAP, I get a dialogue that says the hostname isn't the same as the one registered in the certificate. How do I solve this? Is there some possibility to install more than ONE certificate, so I can have one certificate for each alias?
    Environment: Full 420R, Solaris 8, iMS5.2
    Thanks in advance

    Although I completely agree with the comments suggesting this is not a great configuration idea, the error you are seeing ("...bean not found...") likely has nothing to do with the configuration - at least not as mentioned. My first guess is that if you are running the same exact form (FMX) as you ran for your first test then there should be no error. The only way such an error would appear is if the proper jar files are not being pulled to the client JRE or if the fmx was not properly generated. Be sure you are including config=webutil in the URL or that you have added the Webutil configuration info to your own named configuration section of formsweb.cfg
    Regardless, if this is a Windows machine, the probability of having problems with multiple installations of the same version is high. Consider that the system PATH, CLASSPATH, ORACLE_HOME and various other system variables needed by the server side of the installation will overlap for each installation. This will cause problems. On the client side, attempting to download jars of the same name from the same server, but which are not actually the same files will confuse the JRE. If the JRE detects that a file which it has already cached is coming from the same server (host) then it will not attempt to pull it again. This will be a problem if the jars are not exactly the same in both installation. Making the problem worse is that you may not be able to easily determine from which installation the jars (or any files) were obtained.
    So, as a general rule, regardless of whether multiple installations can co-exist, I would not recommend it. This is especially true on a Windows platform.

  • Messaging Server: Problem Adding SSL Certificate

    We have a problem importing a CA certificate into Messaging Server 7 on Solaris 10 x86.
    Platform
    uname -a
    SunOS mail1 5.10 Generic_138889-03 i86pc i386 i86pc
    Messaging Server Version
    imsimta version
    Sun Java(tm) System Messaging Server 7.0-3.01 64bit (built Dec  9 2008)
    libimta.so 7.0-3.01 64bit (built 09:24:13, Dec  9 2008)
    We have created a certificate database and generated a certificate request, as follows:
    msgcert generate-certDB
    msgcert request-cert --name mail.domain.xxx  --org "University of XXX" --org-unit ITS --city XXX  --state "XXX" --country GB -F ascii -o /tmp/ssl.csr
    However, when we come to import the CA-supplied certificate we get the following error.
    msgcert add-cert Server-Cert /tmp/mail1.crt
    Enter the certificate database password:
    Unable to find private key for this certificate.
    Failed to add the certificate.
    I'm confused. What does the msgcert request-cert command use as a private key when generating the certificate request? Should I have used openssl to generate the certificate request with a known private key?
    Thanks
    Alan

    I solved the problem by converting certificate to pkcs#12 format and importing it.
    openssl pkcs12 -export -in cert.pem -inkey private.key -out cert.pkcs12 -name Server-Cert
    /opt/sun/comms/messaging64/bin/msgcert add-cert Server-Cert cert.pkcs12
    Alan

  • Problem installing SSL certificate for CPS

    I work at a medium-sized University, and we have used
    Contribute 3 with CPS1.11 for well over a year. Recently, however,
    the Contribute clients began having difficulty logging in to CPS.
    At first this was intermittent, but is now constant. Adobe support
    suggested replacing the CPS self-signed SSL certificate with a
    genuine one, because apparently the self-signed certificate is
    causing communication delays and timeouts.
    I have the certificate, and am trying to use keytool (see
    http://java.sun.com/j2se/1.4.2/docs/tooldocs/windows/keytool.html)
    to install it, but it is asking me for a keystore password, which I
    don't know. Apparently the standard defaults are "changeit" or
    "passphrase", but neither of these work.
    As a test, I created a fresh install of CPS and attempted to
    list the keys in the keystore, but again was asked for a keystore
    password and the defaults did not work. Adobe support suggested I
    ask here. Anybody have any experience installing a certificate for
    CPS?

    Are you sure that the certificate needs to be installed to all users? Can you provide more details about the certificate and its purposes?
    My weblog: en-us.sysadmins.lv
    PowerShell PKI Module: pspki.codeplex.com
    PowerShell Cmdlet Help Editor pscmdlethelpeditor.codeplex.com
    Check out new:
    SSL Certificate Verifier
    Check out new:
    PowerShell FCIV tool.

  • Problem generating SSL certificate

    I'm trying to generate a CSR from oracle wallet 10g R2 for a wildcard SSL account with network solutions. Wallet gives an error when I use *.mydomain.com for the common name, yet netsol requires this format to register the certificate. Any ideas on how to workaround this issue.

    Hi,
    I'm having the same problem... Did you have any luck solving this issue?
    Derek

  • Error while uploading SSL certificate in Visual Admin

    Hi,
    I generated a .cert base 64 certificate from the STRUST tcode of my ECC server. I am trying to load the certificate in Visual Administrator under Key Storage --> ADS Certs. While loading, it gives me an error message stating "Key Store : ID21113:Input array size must be multiple by 4."
    I was able to upload the same certificate with the .cert extension previously, but this time it throws an import failed error and the above error message. I checked in the forums but I couldn't find any solution.
    Please guide me with a solution.
    With Regards,
    Joel

    work around provided by SAP
    I neither managed to load your key to my keystorage.
    Nevertheless, I converted your certificate by means of the
    "Certificate Export Wizard" (of the Internet Explorer) to "DER encoded
    binary X.509 (.cer)". Then I renamed the file to "ORDclstd.crt" and
    finally was able to load this certificate to the keystorage.

  • Problem with ssl certificate

    Hello everyone!
    I have a scenario wherein I am trying to connect SRM to a marketsite through XI.
    SRM (Purchase Order) --->  XI (marketplace adapter) ---> Marketsite
    The URL of the marketsite is of the type HTTPS so I am using certificate logon as the method for authentication.
    Please tell me whether this is the right thing to do:
    1. Create a self-signed certificate in the "Key Storage" of the visual administrator.
    2. Export the certificate and have it installed in the marketsite.
    3. Configure the marketplace com. channel in the integration directory to use the private key I used to generate the certificate I sent to the marketsite.
    Having done that, I get a "server rejected by chain verifier" error in the message monitoring tool.
    Here are some other questions:
    1. Should I create a new View for the certificate and private key, or should I create the certificate in the existing "service_ssl" and rename the new certificate "ssl-credentials-cert" and the private key "ssl_credentials"
    2. Will a self-signed certificate work or do I need to get it signed by a CA before importing the response.
    3. If a self-signed certificate will work, do I need to add another certificate in the "TrustedCAs" view?
    4. If I should import a certificate response from a CA, where can I get the certificate of the CA?
    I know these are a lot of questions, but I'd really appreciate all the help I can get from you guys. Please avoid posting links to other threads as I have pretty much read all of them..
    Warm regards,
    Glenn

    Hi Glenn,
    Let me explain the scenario without client certificate Logon (User and password) first .
    When you want to communicate with marketsite in secure manner, get the certificate of the CA (Certifying Authority) who has signed market site Cert. and add it to Trusted CAs view in Visual Admin of XI. Sometimes it may be a CA certificate chain.
    If that certificate is self-signed, add the market site certificate itself in to Trusted CAS of Vis.Admin of XI.
    Certificate Logon:
    This is for your (XI server's) identity to Marketsite.
    In Visual Admin KeyStorage create a view or in any of existing views create a Private Key and Public key (Certificate) pair representing XI Server (CN should be hostname of XI server). Get the public Key signed by CA and import the Certificate in Visual Admin.
    Now in Configuration select view and the Private Key just created for XI's Identity.
    PS: There may be some steps in Marketsite too in case of Certificate logon, like adding the XI certificate to something like Trusted CAs of Marketsite. You can get a better picture from the guys administrating the Marketsite.
    Try these options and post the results in forum.
    Good Luck.
    Regards,
    Sudharshan N A

  • RF Grouping problem WLC 5508

    Hi,
    We have a problem regarding RF Grouping between two WLC 5508.
    The two controllers have the same RF Group name,RF Grouping is enabled,they belong to the same mobility group,their management IP
    address is on the same subnet, they ping each other but they don't elect a Group Leader. Each one
    elects itself as the Group Leader.
    We have tried to place 2 APs,each belonging to different controller, close one to the other but nothing changed.
    Any help would be much appreciated.

    Hi Nicolas,
    Because we have an almost live network, we wouldn't like to go public with our configurations. Is there any other way we can send them to you?
    Thanks in advance,
    Theofilos

  • WLC 5508 - Error extracting webauth files.

    Hi all,
    I am getting an error during the upload of a customized login page for the WLC 5508.
    After the upload is completed I received the error "Error extracting webauth files."
    I tried to create the *.tar file with different programs (winrar, 7zip, gnu tar, etc).
    Does anyone know the solution for this problem?
    Thanks
    Marco

    TQVVM Marco, it helps and issue resolved. I was downloading a folder consists of (login.html+folder CSS) compressed .TAR but failed. Instead of putting in a folder and directly downloaded the compressed .TAR and it was extracted successfully.
    Thanks.

  • MPX 2.1.1.2 SSL Certificates doesn't show in the web administration

    Hey guys,
    I've uploaded SSL certificates to my MeetingPlace Express installation and I got the error showed in the attached file. "Display Certificate" via the web interface doesn't show anything but under CLI with SSLUtil command I can see that the certificates are actually generated in the system.
    Currently the certificates are actually working when I access MeetingPlace via the web, but I don't have any administration control over them via the web administration. Rebooting the server doesn't help. Has anyone experienced a similar issue?
    Regards,
    Vladimir

    Correct it did work in 1.5. on .sql files, when connected, so I have updated the ER to bug. We also need to expand this to support PL/SQL files.
    Sue

  • SSL Certificate for Software LifeCycle Management

    Dear Friends,
    We have Solution Manager 70 with EnhancementPack 1 (Java 7.01 SP4). I am trying to configure Software LifeCycle Management and I am stuck at the first stage, i.e. generating the SSL certificate.
    Here is what I have done and please let me know on how to proceed...
    - Installed SAP Cryptographic libraries, all the necessary Profile parameters and activated HTTPS...
    - STRUSTSSO2 --> Created SSL Server PSE
    - Generated the Certificate Requests for the SSL Server PSE
    - Copied the Certificate Request.
    - Opened the https://service.sap.com/tcs site
    - Requested for SSL Test Server Certificate by pasting the Copied the Certificate Request and generated the certificate response in a "PKCS # 7 Certificate Chain" format.
    - Copied the generated certificate from the SAP Trust Center site, and imported the certificate response for SSL Server using STRUSTSSO2.
    What else am I missing here?????????
    How to generate the import certificate in a crt file format for SSL client (Anonymous or Standard) PSEs?????????
    Kindly help me with these issue ASAP.
    Thank you,
    Nikee

    Users are prompted to accept the certificate from the WLC because the clients do not have a trusted root certificate for the certificate that is installed on the WLC. The SSL certificate on the WLC is not in the list of certificates that the client system trusts. There are two ways to stop the generation of this web-browser security alert popup window:
    a) Use the self-signed SSL certificate on the WLC and configure the client stations to accept the certificate
    b) Generate a CSR and install a certificate that is signed by a source (a third-party CA) for which the clients already have the trusted root certificates installed. For more information on this read http://www.cisco.com/en/US/tech/tk722/tk809/technologies_configuration_example09186a00806e367a.shtml

  • SSL-Certificates on WLC 5508

    I'm trying to upload an SSL-certificate(.PEM) to a WLC 5508 via the "Management->HTTP-HTTPS"-Tab, but always get the error messages:
    *TransferTask: Mar 30 07:51:20.882: %UPDATE-3-CERT_INST_FAIL: updcode.c:1276 Failed to install Webauth certificate. rc = 1
    *TransferTask: Mar 30 07:51:20.882: %SSHPM-3-KEYED_PEM_DECODE_FAILED: sshpmcert.c:4028 Cannot PEM decode private key
    any idea how to resolve this problem?

    Yes, the password is entered correctly, double checked that again
    (does the ios probably not like special characters as password, such as ! or / ?)
    is there a maximum length for encryption keys? it's 2048 right now
    otherwise i did as explained in http://www.cisco.com/en/US/tech/tk722/tk809/technologies_configuration_example09186a00806e367a.shtml
    (the .pem is not the root certificate, only a server ca)
    edit: ok "Management" tab would have been the wrong attempt in the first place, it seems (actually want to be it a webauth not a webadmin certificate), "Security->web auth->certificate" seems to be the way to go, according to http://www.entrust.net/knowledge-base/technote.cfm?tn=8029 still the same problem though.
    http://www.entrust.net/knowledge-base/technote.cfm?tn=8029
    1 – Your SSL certificate (webserver)
    2 - The Entrust cross certificate (L1C)
    3 – The Entrust Root certificate (Entrust 2048 root)
    are all included in the certificate
    Product Version.................................. 7.0.98.0 - so should be able to use chained certificates according to the first link.
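
Both WLC 5508 threads above stop at "Cannot PEM decode private key", and the replies turn on whether the uploaded file is chained. The script below is an added example, not from any poster or from Cisco: it reports how many certificates a PEM file holds, how its private key block is encoded, the block order and how much non-PEM text surrounds the blocks, so the file can be compared with what the controller documentation asks for. Function names and the sample bundle (placeholder bodies, names under example.test) are constructed for illustration.

```bash
#!/usr/bin/env bash
# Added example: structural check of a PEM bundle. It reads the text layout only;
# nothing is decrypted or decoded. Function names are this example's own.

# Certificates in the file: 1 = unchained, more than 1 = chained.
count_certs() { grep -c -- '^-----BEGIN CERTIFICATE-----' "$1" || true; }

# Private key encoding, taken from the PEM header (plus Proc-Type for the
# traditional RSA format, which marks encryption inside the block).
key_format() {
    if grep -q -- '^-----BEGIN ENCRYPTED PRIVATE KEY-----' "$1"; then echo pkcs8-encrypted
    elif grep -q -- '^-----BEGIN PRIVATE KEY-----' "$1"; then echo pkcs8-unencrypted
    elif grep -q -- '^-----BEGIN RSA PRIVATE KEY-----' "$1"; then
        if grep -q -- '^Proc-Type: 4,ENCRYPTED' "$1"; then echo pkcs1-encrypted
        else echo pkcs1-unencrypted; fi
    else echo none; fi
}

# Order of the PEM blocks, e.g. "CERT CERT KEY".
block_order() {
    awk '/^-----BEGIN / {
             if ($0 ~ /PRIVATE KEY-----/) kind = "KEY"
             else if ($0 ~ /^-----BEGIN CERTIFICATE-----/) kind = "CERT"
             else kind = "OTHER"
             printf "%s%s", sep, kind; sep = " "
         }
         END { print "" }' "$1"
}

# Non-empty lines outside any PEM block, such as the "Bag Attributes" text that
# `openssl pkcs12 -in ... -out ...` writes around each block.
extra_text_lines() {
    awk '/^-----BEGIN / { inblk = 1 }
         !inblk && NF   { n++ }
         /^-----END /   { inblk = 0 }
         END { print n + 0 }' "$1"
}

inspect_pem() {
    echo "certificates  : $(count_certs "$1")"
    echo "private key   : $(key_format "$1")"
    echo "block order   : $(block_order "$1")"
    echo "non-PEM lines : $(extra_text_lines "$1")"
}

# Constructed sample: placeholder base64 bodies, not real key or certificate data.
write_sample_bundle() { cat > "$1" <<'EOF'
Bag Attributes
    localKeyID: 01 00 00 00
subject=/CN=wlc.example.test
-----BEGIN CERTIFICATE-----
Q09OU1RSVUNURUQgUExBQ0VIT0xERVI=
-----END CERTIFICATE-----
subject=/CN=Example Intermediate CA
-----BEGIN CERTIFICATE-----
Q09OU1RSVUNURUQgUExBQ0VIT0xERVI=
-----END CERTIFICATE-----
Key Attributes: <No Attributes>
-----BEGIN PRIVATE KEY-----
Q09OU1RSVUNURUQgUExBQ0VIT0xERVI=
-----END PRIVATE KEY-----
EOF
}

sample=$(mktemp)
write_sample_bundle "$sample"
inspect_pem "$sample"
rm -f "$sample"
```
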

  • ISE 1.2 / WLC 5508 EAP-TLS expired certificate error, but wireless still working

    Hi I have a customer that we've deployed ISE 1.2 and WLC 5508s at.  Customer is using EAP-TLS with and everything appears to setup properly.  Users are able to login to the network and authenticate, however, frequently, I'm getting the following error in ISE authentication logs:
    12516 EAP-TLS failed SSL/TLS handshake because of an expired certificate in the client certificates chain
    OpenSSL messages are:
    SSL alert: code=0x22D=557 : source=local ; type=fatal : message="X509 certificate expired"'
    4 727850450.3616:error:140890B2:SSL routines:SSL3_GET_CLIENT_CERTIFICATE:no certificate returned:s3_srvr.c:2720
    I'm not sure if this is cosmetic or if this is something that I should be tracking down.  System isn't in full production yet, but every client seems to be working and there is no expired cert in the chain.  Any ideas what to check?

    Hello Dino,
      thanks very much for your reply.
      The client uses a machine-certificate, the PKI is not a microsoft one, but a third party PKI.   The certificate is fresh and valid, the root-cert is installed and checked to be validated against it for the login.
    Clock is correct too. The same setup works flawlessly in Windows 7 and XP.
    EKU is set on the certificate (1.3.6.1.5.5.7.3.2)
    I suspect the cert-setup itself, but don't get a clue where this might stuck...
    Björn
