IAP fails to connect to Activate server & shows the error "ASN no signer error to confirm failure"

MVP
MVP
Q:

IAP fails to connect to Activate server & shows the error "ASN no signer error to confirm failure"



A:

In this case, IAP is already configured  for the following :

  1. It can resolve/ping activate server.
  2. Clock is set up correctly.
  3. There is no firewall present on the network that is blocking the traffic between IAP & activate server.

However, when we check the ap-debug logs, we would see the following message:

show log ap-debug | include awc

awc[4028]: Failed to establish SSL connection: Error code is -1:ASN no signer error to confirm failure  

Explanation for the above error:

When IAP is trying to negotiate the SSL connection,it is unable to verify the activate server certificate.IAP does not have corresponding CA cert which would help it in validating the certificate presented by activate server.

This should ideally not happen as IAP-Activate SSL negotiation is based off factory certificates. Please report such issues to TAC team for further analysis.
 

Version history
Revision #:
2 of 2
Last update:
‎05-16-2018 04:25 AM
Updated by:
 
Labels (1)
Contributors
Search Airheads
cancel
Showing results for 
Search instead for 
Did you mean: