Failed To Request Local Certificates - HP FlexNetwork 10500 Series Security Configuration Manual
Hide thumbs
Also See for FlexNetwork 10500 Series:
- Configuration manual (512 pages) ,
- Specifications (42 pages) ,
- Datasheet (20 pages)
Table of Contents
Advertisement
4.
Specify the key pair for certificate request, or remove the existing key pair, specify a new key
pair, and submit a local certificate request again.
5.
Check the registration policy on the CA or RA, and make sure the attributes of the PKI entity
meet the policy requirements.
6.
Obtain the CRL from the CRL repository.
7.
Specify the correct source IP address that the CA server can accept. For the correct settings,
contact the CA administrator.
8.
Synchronize the system time of the device with the CA server.
9.
If the problem persists, contact Hewlett Packard Enterprise Support.
Failed to request local certificates
Symptom
Local certificate requests cannot be submitted.
Analysis
•
The network connection is down, for example, because the network cable is damaged or the
connectors have bad contact.
•
The PKI domain does not have a CA certificate before the local certificate request is submitted.
•
The certificate request URL is incorrect or is not specified.
•
The certificate request reception authority is incorrect or is not specified.
•
Required PKI entity parameters are not configured or are incorrectly configured.
•
No key pair is specified in the PKI domain for certificate request, or the key pair is changed
during a certificate request process.
•
Exclusive certificate request applications are running in the PKI domain.
•
The CA server does not accept the source IP address specified in the PKI domain, or no source
IP address is specified.
•
The system time of the device is not synchronized with the CA server.
Solution
1.
Fix the network connection problems, if any.
2.
Obtain or import the CA certificate.
3.
Use the ping command to verify that the registration server is reachable.
4.
Use the certificate request from command to specify the correct certificate request reception
authority.
5.
Configure the PKI entity parameters as required by the registration policy on the CA or RA.
6.
Specify the key pair for certificate request, or remove the existing key pair, specify a new key
pair, and submit a local certificate request again.
7.
Use the pki abort-certificate-request domain command to abort the certificate request.
8.
Specify the correct source IP address that the CA server can accept. For the correct settings,
contact the CA administrator.
9.
Synchronize the system time of the device with the CA server.
10. If the problem persists, contact Hewlett Packard Enterprise Support.
273
Advertisement
Table of Contents
Troubleshooting
