Problem is not specific to AP70's but for any legacy AP without a factory cert.
appears a controller will not provide them a switchcert if they already have one in flash that differs from what is defined in the whitelist-db.
So I'm attempting to setup a master cluster to allieviate this issue - as I understand it all members of the cluster will use the same cert as the root of the master - so this should allow any ap to move between any controller in the cluster and have the installed cert match what is being synced in the whitelist-db among cluster members.
Has anyone done this?
I've been testing it today and if anything it makes moving AP70's around worse - they seem to get stuck in the certificate process and hang.
I am running 6.1.3.2 so perhaps its a code version issue - but I'm curious if anyone has done this or has gotten any other form of redundancy to work with AP70's with cpsec enabled.
Travis