{"id":481,"date":"2020-01-14T16:02:23","date_gmt":"2020-01-14T08:02:23","guid":{"rendered":"https:\/\/www.insecurewire.com\/?p=481"},"modified":"2020-01-14T16:02:23","modified_gmt":"2020-01-14T08:02:23","slug":"cisco-wireless-lan-controller-access-point-dtls-3-handshake_failure","status":"publish","type":"post","link":"https:\/\/www.insecurewi.re\/index.php\/2020\/01\/14\/cisco-wireless-lan-controller-access-point-dtls-3-handshake_failure\/","title":{"rendered":"Cisco Wireless LAN Controller Access Point Certificate %DTLS-3-HANDSHAKE_FAILURE"},"content":{"rendered":"<p>I recently troubleshooted an issue wherein our Wireless LAN Controller was dropping access point connections. A quick look at the syslog of the WLC revealed the culprit:<br \/>\n<code>*osapiBsnTimer: Jan 14 11:41:09.582: %DTLS-3-HANDSHAKE_FAILURE: openssl_dtls.c:3214 Failed to complete DTLS handshake with peer 192.168.80.23<\/code><br \/>\nThis is the error that fills up the log when the <strong>Wireless Access Point certificate has expired.<\/strong><\/p>\n<p><strong>There are two types of WLC AP certificate:<\/strong><br \/>\nSSC &#8211; Self Signed Certificate<br \/>\nMIC &#8211; Manufacturer Installed Certificate<\/p>\n<p>This issue occurs when the certifcates installed on the APs at time of manufacture expire. 10 years is the expiry and any AP converted from autonomous to lightweight had an expiry of 1\/1\/2020. Which makes sense as to why we are seeing this now!<\/p>\n<p><strong>The fix is simple:<\/strong><br \/>\n1. SSH into the WLC<br \/>\n2. run the following command:<br \/>\n<code>config ap lifetime-check {mic|ssc} enable<br \/>\nconfig ap lifetime-check mic enable<br \/>\nconfig ap lifetime-check ssc enable<br \/>\nsave config<br \/>\n<\/code><\/p>\n<p>We had a mix of both SSC and MIC access points so I had to run both commands to ignore the certificates. Once complete the WAPs will re-connect to the controller.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>I recently troubleshooted an issue wherein our Wireless LAN Controller was dropping access point connections. A quick look at the syslog of the WLC revealed&#8230;<\/p>\n","protected":false},"author":2,"featured_media":482,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[24,20],"tags":[65,67,204,205],"class_list":["post-481","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-cisco","category-wireless","tag-certificates","tag-cisco","tag-wireless","tag-wlc"],"acf":[],"yoast_head":"<!-- This site is optimized with the Yoast SEO plugin v27.1.1 - https:\/\/yoast.com\/product\/yoast-seo-wordpress\/ -->\n<title>Cisco Wireless LAN Controller Access Point Certificate %DTLS-3-HANDSHAKE_FAILURE - Insecure Wire<\/title>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/www.insecurewi.re\/index.php\/2020\/01\/14\/cisco-wireless-lan-controller-access-point-dtls-3-handshake_failure\/\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"Cisco Wireless LAN Controller Access Point Certificate %DTLS-3-HANDSHAKE_FAILURE - Insecure Wire\" \/>\n<meta property=\"og:description\" content=\"I recently troubleshooted an issue wherein our Wireless LAN Controller was dropping access point connections. A quick look at the syslog of the WLC revealed...\" \/>\n<meta property=\"og:url\" content=\"https:\/\/www.insecurewi.re\/index.php\/2020\/01\/14\/cisco-wireless-lan-controller-access-point-dtls-3-handshake_failure\/\" \/>\n<meta property=\"og:site_name\" content=\"Insecure Wire\" \/>\n<meta property=\"article:published_time\" content=\"2020-01-14T08:02:23+00:00\" \/>\n<meta property=\"og:image\" content=\"https:\/\/www.insecurewi.re\/wp-content\/uploads\/2020\/01\/wlc.jpg\" \/>\n\t<meta property=\"og:image:width\" content=\"749\" \/>\n\t<meta property=\"og:image:height\" content=\"410\" \/>\n\t<meta property=\"og:image:type\" content=\"image\/jpeg\" \/>\n<meta name=\"author\" content=\"nikonau\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:creator\" content=\"@https:\/\/twitter.com\/insecurewire\" \/>\n<meta name=\"twitter:site\" content=\"@insecurewire\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"nikonau\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"1 minute\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\/\/schema.org\",\"@graph\":[{\"@type\":\"Article\",\"@id\":\"https:\/\/www.insecurewi.re\/index.php\/2020\/01\/14\/cisco-wireless-lan-controller-access-point-dtls-3-handshake_failure\/#article\",\"isPartOf\":{\"@id\":\"https:\/\/www.insecurewi.re\/index.php\/2020\/01\/14\/cisco-wireless-lan-controller-access-point-dtls-3-handshake_failure\/\"},\"author\":{\"name\":\"nikonau\",\"@id\":\"https:\/\/www.insecurewi.re\/#\/schema\/person\/8ba08b41fc754b971a948ead6ccb777d\"},\"headline\":\"Cisco Wireless LAN Controller Access Point Certificate %DTLS-3-HANDSHAKE_FAILURE\",\"datePublished\":\"2020-01-14T08:02:23+00:00\",\"mainEntityOfPage\":{\"@id\":\"https:\/\/www.insecurewi.re\/index.php\/2020\/01\/14\/cisco-wireless-lan-controller-access-point-dtls-3-handshake_failure\/\"},\"wordCount\":157,\"commentCount\":0,\"publisher\":{\"@id\":\"https:\/\/www.insecurewi.re\/#organization\"},\"image\":{\"@id\":\"https:\/\/www.insecurewi.re\/index.php\/2020\/01\/14\/cisco-wireless-lan-controller-access-point-dtls-3-handshake_failure\/#primaryimage\"},\"thumbnailUrl\":\"https:\/\/www.insecurewi.re\/wp-content\/uploads\/2020\/01\/wlc.jpg\",\"keywords\":[\"Certificates\",\"Cisco\",\"Wireless\",\"WLC\"],\"articleSection\":[\"Cisco\",\"Wireless\"],\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"CommentAction\",\"name\":\"Comment\",\"target\":[\"https:\/\/www.insecurewi.re\/index.php\/2020\/01\/14\/cisco-wireless-lan-controller-access-point-dtls-3-handshake_failure\/#respond\"]}]},{\"@type\":\"WebPage\",\"@id\":\"https:\/\/www.insecurewi.re\/index.php\/2020\/01\/14\/cisco-wireless-lan-controller-access-point-dtls-3-handshake_failure\/\",\"url\":\"https:\/\/www.insecurewi.re\/index.php\/2020\/01\/14\/cisco-wireless-lan-controller-access-point-dtls-3-handshake_failure\/\",\"name\":\"Cisco Wireless LAN Controller Access Point Certificate %DTLS-3-HANDSHAKE_FAILURE - Insecure Wire\",\"isPartOf\":{\"@id\":\"https:\/\/www.insecurewi.re\/#website\"},\"primaryImageOfPage\":{\"@id\":\"https:\/\/www.insecurewi.re\/index.php\/2020\/01\/14\/cisco-wireless-lan-controller-access-point-dtls-3-handshake_failure\/#primaryimage\"},\"image\":{\"@id\":\"https:\/\/www.insecurewi.re\/index.php\/2020\/01\/14\/cisco-wireless-lan-controller-access-point-dtls-3-handshake_failure\/#primaryimage\"},\"thumbnailUrl\":\"https:\/\/www.insecurewi.re\/wp-content\/uploads\/2020\/01\/wlc.jpg\",\"datePublished\":\"2020-01-14T08:02:23+00:00\",\"breadcrumb\":{\"@id\":\"https:\/\/www.insecurewi.re\/index.php\/2020\/01\/14\/cisco-wireless-lan-controller-access-point-dtls-3-handshake_failure\/#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\/\/www.insecurewi.re\/index.php\/2020\/01\/14\/cisco-wireless-lan-controller-access-point-dtls-3-handshake_failure\/\"]}]},{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/www.insecurewi.re\/index.php\/2020\/01\/14\/cisco-wireless-lan-controller-access-point-dtls-3-handshake_failure\/#primaryimage\",\"url\":\"https:\/\/www.insecurewi.re\/wp-content\/uploads\/2020\/01\/wlc.jpg\",\"contentUrl\":\"https:\/\/www.insecurewi.re\/wp-content\/uploads\/2020\/01\/wlc.jpg\",\"width\":749,\"height\":410,\"caption\":\"WLC\"},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\/\/www.insecurewi.re\/index.php\/2020\/01\/14\/cisco-wireless-lan-controller-access-point-dtls-3-handshake_failure\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\/\/www.insecurewi.re\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"Cisco Wireless LAN Controller Access Point Certificate %DTLS-3-HANDSHAKE_FAILURE\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\/\/www.insecurewi.re\/#website\",\"url\":\"https:\/\/www.insecurewi.re\/\",\"name\":\"Insecure Wire\",\"description\":\"A Network Engineer\u2019s Perspective.\",\"publisher\":{\"@id\":\"https:\/\/www.insecurewi.re\/#organization\"},\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\/\/www.insecurewi.re\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"en-US\"},{\"@type\":\"Organization\",\"@id\":\"https:\/\/www.insecurewi.re\/#organization\",\"name\":\"Insecure Wire\",\"url\":\"https:\/\/www.insecurewi.re\/\",\"logo\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/www.insecurewi.re\/#\/schema\/logo\/image\/\",\"url\":\"https:\/\/www.insecurewi.re\/wp-content\/uploads\/2023\/10\/cloud.png\",\"contentUrl\":\"https:\/\/www.insecurewi.re\/wp-content\/uploads\/2023\/10\/cloud.png\",\"width\":32,\"height\":32,\"caption\":\"Insecure Wire\"},\"image\":{\"@id\":\"https:\/\/www.insecurewi.re\/#\/schema\/logo\/image\/\"},\"sameAs\":[\"https:\/\/x.com\/insecurewire\"]},{\"@type\":\"Person\",\"@id\":\"https:\/\/www.insecurewi.re\/#\/schema\/person\/8ba08b41fc754b971a948ead6ccb777d\",\"name\":\"nikonau\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/www.insecurewi.re\/#\/schema\/person\/image\/\",\"url\":\"https:\/\/secure.gravatar.com\/avatar\/2d1b9d9dc90da4f6d3da31b870f418c6b3553ba9be48d53e8ee3a35b0adb1d35?s=96&d=mm&r=g\",\"contentUrl\":\"https:\/\/secure.gravatar.com\/avatar\/2d1b9d9dc90da4f6d3da31b870f418c6b3553ba9be48d53e8ee3a35b0adb1d35?s=96&d=mm&r=g\",\"caption\":\"nikonau\"},\"sameAs\":[\"https:\/\/x.com\/https:\/\/twitter.com\/insecurewire\"],\"url\":\"https:\/\/www.insecurewi.re\/index.php\/author\/nikon\/\"}]}<\/script>\n<!-- \/ Yoast SEO plugin. -->","yoast_head_json":{"title":"Cisco Wireless LAN Controller Access Point Certificate %DTLS-3-HANDSHAKE_FAILURE - Insecure Wire","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/www.insecurewi.re\/index.php\/2020\/01\/14\/cisco-wireless-lan-controller-access-point-dtls-3-handshake_failure\/","og_locale":"en_US","og_type":"article","og_title":"Cisco Wireless LAN Controller Access Point Certificate %DTLS-3-HANDSHAKE_FAILURE - Insecure Wire","og_description":"I recently troubleshooted an issue wherein our Wireless LAN Controller was dropping access point connections. A quick look at the syslog of the WLC revealed...","og_url":"https:\/\/www.insecurewi.re\/index.php\/2020\/01\/14\/cisco-wireless-lan-controller-access-point-dtls-3-handshake_failure\/","og_site_name":"Insecure Wire","article_published_time":"2020-01-14T08:02:23+00:00","og_image":[{"width":749,"height":410,"url":"https:\/\/www.insecurewi.re\/wp-content\/uploads\/2020\/01\/wlc.jpg","type":"image\/jpeg"}],"author":"nikonau","twitter_card":"summary_large_image","twitter_creator":"@https:\/\/twitter.com\/insecurewire","twitter_site":"@insecurewire","twitter_misc":{"Written by":"nikonau","Est. reading time":"1 minute"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"Article","@id":"https:\/\/www.insecurewi.re\/index.php\/2020\/01\/14\/cisco-wireless-lan-controller-access-point-dtls-3-handshake_failure\/#article","isPartOf":{"@id":"https:\/\/www.insecurewi.re\/index.php\/2020\/01\/14\/cisco-wireless-lan-controller-access-point-dtls-3-handshake_failure\/"},"author":{"name":"nikonau","@id":"https:\/\/www.insecurewi.re\/#\/schema\/person\/8ba08b41fc754b971a948ead6ccb777d"},"headline":"Cisco Wireless LAN Controller Access Point Certificate %DTLS-3-HANDSHAKE_FAILURE","datePublished":"2020-01-14T08:02:23+00:00","mainEntityOfPage":{"@id":"https:\/\/www.insecurewi.re\/index.php\/2020\/01\/14\/cisco-wireless-lan-controller-access-point-dtls-3-handshake_failure\/"},"wordCount":157,"commentCount":0,"publisher":{"@id":"https:\/\/www.insecurewi.re\/#organization"},"image":{"@id":"https:\/\/www.insecurewi.re\/index.php\/2020\/01\/14\/cisco-wireless-lan-controller-access-point-dtls-3-handshake_failure\/#primaryimage"},"thumbnailUrl":"https:\/\/www.insecurewi.re\/wp-content\/uploads\/2020\/01\/wlc.jpg","keywords":["Certificates","Cisco","Wireless","WLC"],"articleSection":["Cisco","Wireless"],"inLanguage":"en-US","potentialAction":[{"@type":"CommentAction","name":"Comment","target":["https:\/\/www.insecurewi.re\/index.php\/2020\/01\/14\/cisco-wireless-lan-controller-access-point-dtls-3-handshake_failure\/#respond"]}]},{"@type":"WebPage","@id":"https:\/\/www.insecurewi.re\/index.php\/2020\/01\/14\/cisco-wireless-lan-controller-access-point-dtls-3-handshake_failure\/","url":"https:\/\/www.insecurewi.re\/index.php\/2020\/01\/14\/cisco-wireless-lan-controller-access-point-dtls-3-handshake_failure\/","name":"Cisco Wireless LAN Controller Access Point Certificate %DTLS-3-HANDSHAKE_FAILURE - Insecure Wire","isPartOf":{"@id":"https:\/\/www.insecurewi.re\/#website"},"primaryImageOfPage":{"@id":"https:\/\/www.insecurewi.re\/index.php\/2020\/01\/14\/cisco-wireless-lan-controller-access-point-dtls-3-handshake_failure\/#primaryimage"},"image":{"@id":"https:\/\/www.insecurewi.re\/index.php\/2020\/01\/14\/cisco-wireless-lan-controller-access-point-dtls-3-handshake_failure\/#primaryimage"},"thumbnailUrl":"https:\/\/www.insecurewi.re\/wp-content\/uploads\/2020\/01\/wlc.jpg","datePublished":"2020-01-14T08:02:23+00:00","breadcrumb":{"@id":"https:\/\/www.insecurewi.re\/index.php\/2020\/01\/14\/cisco-wireless-lan-controller-access-point-dtls-3-handshake_failure\/#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/www.insecurewi.re\/index.php\/2020\/01\/14\/cisco-wireless-lan-controller-access-point-dtls-3-handshake_failure\/"]}]},{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.insecurewi.re\/index.php\/2020\/01\/14\/cisco-wireless-lan-controller-access-point-dtls-3-handshake_failure\/#primaryimage","url":"https:\/\/www.insecurewi.re\/wp-content\/uploads\/2020\/01\/wlc.jpg","contentUrl":"https:\/\/www.insecurewi.re\/wp-content\/uploads\/2020\/01\/wlc.jpg","width":749,"height":410,"caption":"WLC"},{"@type":"BreadcrumbList","@id":"https:\/\/www.insecurewi.re\/index.php\/2020\/01\/14\/cisco-wireless-lan-controller-access-point-dtls-3-handshake_failure\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/www.insecurewi.re\/"},{"@type":"ListItem","position":2,"name":"Cisco Wireless LAN Controller Access Point Certificate %DTLS-3-HANDSHAKE_FAILURE"}]},{"@type":"WebSite","@id":"https:\/\/www.insecurewi.re\/#website","url":"https:\/\/www.insecurewi.re\/","name":"Insecure Wire","description":"A Network Engineer\u2019s Perspective.","publisher":{"@id":"https:\/\/www.insecurewi.re\/#organization"},"potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/www.insecurewi.re\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"en-US"},{"@type":"Organization","@id":"https:\/\/www.insecurewi.re\/#organization","name":"Insecure Wire","url":"https:\/\/www.insecurewi.re\/","logo":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.insecurewi.re\/#\/schema\/logo\/image\/","url":"https:\/\/www.insecurewi.re\/wp-content\/uploads\/2023\/10\/cloud.png","contentUrl":"https:\/\/www.insecurewi.re\/wp-content\/uploads\/2023\/10\/cloud.png","width":32,"height":32,"caption":"Insecure Wire"},"image":{"@id":"https:\/\/www.insecurewi.re\/#\/schema\/logo\/image\/"},"sameAs":["https:\/\/x.com\/insecurewire"]},{"@type":"Person","@id":"https:\/\/www.insecurewi.re\/#\/schema\/person\/8ba08b41fc754b971a948ead6ccb777d","name":"nikonau","image":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.insecurewi.re\/#\/schema\/person\/image\/","url":"https:\/\/secure.gravatar.com\/avatar\/2d1b9d9dc90da4f6d3da31b870f418c6b3553ba9be48d53e8ee3a35b0adb1d35?s=96&d=mm&r=g","contentUrl":"https:\/\/secure.gravatar.com\/avatar\/2d1b9d9dc90da4f6d3da31b870f418c6b3553ba9be48d53e8ee3a35b0adb1d35?s=96&d=mm&r=g","caption":"nikonau"},"sameAs":["https:\/\/x.com\/https:\/\/twitter.com\/insecurewire"],"url":"https:\/\/www.insecurewi.re\/index.php\/author\/nikon\/"}]}},"_links":{"self":[{"href":"https:\/\/www.insecurewi.re\/index.php\/wp-json\/wp\/v2\/posts\/481","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.insecurewi.re\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.insecurewi.re\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.insecurewi.re\/index.php\/wp-json\/wp\/v2\/users\/2"}],"replies":[{"embeddable":true,"href":"https:\/\/www.insecurewi.re\/index.php\/wp-json\/wp\/v2\/comments?post=481"}],"version-history":[{"count":0,"href":"https:\/\/www.insecurewi.re\/index.php\/wp-json\/wp\/v2\/posts\/481\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/www.insecurewi.re\/index.php\/wp-json\/wp\/v2\/media\/482"}],"wp:attachment":[{"href":"https:\/\/www.insecurewi.re\/index.php\/wp-json\/wp\/v2\/media?parent=481"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.insecurewi.re\/index.php\/wp-json\/wp\/v2\/categories?post=481"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.insecurewi.re\/index.php\/wp-json\/wp\/v2\/tags?post=481"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}