Failed To Request Local Certificates - HP MSR Series Configuration Manual
Hpe flexnetwork msr router series
Hide thumbs
Also See for MSR Series:
- Configuration manual (889 pages) ,
- Command reference manual (684 pages) ,
- Wan access configuration manual (293 pages)
Table of Contents
Advertisement
2.
Obtain or import the CA certificate.
3.
Configure the correct LDAP server.
4.
Specify the key pair used for certificate request in the PKI domain, or remove the existing key
pair and submit a certificate request again.
5.
Check the registration policy on the CR or RA, and make sure the attributes of the PKI entity
meet the policy requirements.
6.
Obtain the CRL from the CRL repository.
7.
Specify the correct source IP address that the CA server can accept. For the correct settings,
contact the CA administrator.
8.
Synchronize the system time of the device with the CA server.
9.
If the problem persists, contact Hewlett Packard Enterprise Support.
Failed to request local certificates
Symptom
Local certificate requests cannot be submitted.
Analysis
•
The network connection is down, for example, because the network cable is damaged or the
connectors have bad contact.
•
No CA certificate has been obtained before you submit the certificate request.
•
The certificate request URL is incorrect or is not specified.
•
The certificate request reception authority is incorrect or is not specified.
•
The required parameters are not configured for the PKI entity or are mistakenly configured.
•
No key pair is specified for the PKI domain for certificate request, or the key pair is changed
during a certificate request process.
•
Exclusive certificate request applications are running in the PKI domain.
•
The PKI domain is not specified with the source IP address that the CA server can accept, or is
specified with an incorrect one.
•
The system time of the device is not synchronized with the CA server.
Solution
1.
Check for and fix any network connection problems.
2.
Obtain or import the CA certificate.
3.
Use ping to verify that the registration server is reachable.
4.
Specify the correct certificate request URL.
5.
Check the registration policy on the CR or RA, and make sure the attributes of the PKI entity
meet the policy requirements.
6.
Specify the key pair used for certificate request in the PKI domain, or remove the key pair
specified in the PKI and submit a certificate request again.
7.
Use pki abort-certificate-request domain to abort the certificate request.
8.
Specify the correct source IP address that the CA server can accept. For the correct settings,
contact the CA administrator.
9.
Synchronize the system time of the device with the CA server.
10. If the problem persists, contact Hewlett Packard Enterprise Support.
282
- Quick Links:
- Configuring Local Users
Hide quick links:
Advertisement
Table of Contents
Troubleshooting
