Table of Contents
Advertisement
3Com Router 3000 Ethernet Family
Configuration Guide
Note:
The configuration of IKE negotiation using PKI identity authentication is described
above. If you want to create an IPSec security channel to ensure communication
security, you also need to configure IPSec. Refer to the configuration tasks described
in chapters "IPSec Configuration" and "IKE Configuration".
9.6 Troubleshooting
9.6.1 Fault 1: Failing to Retrieve a CA Certificate
Troubleshooting: If you fail to obtain a CA certificate, the reasons might include:
1)
Software problems
No trustworthy CA is specified.
Server URL for the certificate request through SCEP is not correct or not
configured. You can check if the server is well connected by using the ping
command.
No RA is specified.
2)
Hardware problems
Network connection faults, such as broken network cable and loose interface.
9.6.2 Fault 2: Failing to Request a Local Certificate
Troubleshooting: If you fail to request a local certificate when the router has finished the
configuration of PKI domain parameters and entity DN, and has created a new RSA key
pair, the reasons might include:
1)
Software problems
No CA/RA certificate has been retrieved.
No key pair is created, or the current key pair has had a certificate.
No trustworthy CA is specified.
Server URL for the certificate request through SCEP is not correct or not
configured. You can check if the server is well connected by using the ping
command.
No certificate authority is configured.
The necessary attributes of entity DN are not configured. You can configure the
relevant attributes by checking CA/RA authentication policy.
2)
Hardware problems
Network connection faults, such as broken network cable and loose interface.
9.6.3 Fault 3: Failing to Retrieve a CRL
Troubleshooting: If you fail to retrieve a CRL, the reasons might include:
3Com Corporation
9-21
Chapter 9 PKI Configuration
Advertisement
Chapters
Table of Contents
Troubleshooting
