Failed To Import A Local Certificate; Failed To Export Certificates - HPE FlexFabric 7900 Series Security Configuration Manual

Failed to import a local certificate

Symptom
A local certificate cannot be imported.
Analysis
•
The PKI domain does not have a locally stored CA certificate, and the certificate file to be
imported does not contain the CA certificate chain.
•
CRL checking is enabled, but the device does not have a locally stored CRL and cannot obtain
one.
•
The specified format does not match the actual format of the file to be imported.
•
The device and the certificate do not have the local key pair.
•
The certificate has been revoked.
•
The certificate is out of the validity period.
•
The system time is wrong.
Solution
1. Obtain or import the CA certificate.
2. Use undo crl check enable to disable CRL checking, or obtain the CRL before you import
certificates.
3. Make sure the format of the file to be imported is correct.
4. Make sure the certificate file contains the private key.
5. Make sure the certificate is not revoked.
6. Make sure the certificate is within the validity period.
7. Configure the correct system time for the device.
8. If the problem persists, contact Hewlett Packard Enterprise recommends Support.

Failed to export certificates

Symptom
Certificates cannot be exported.
Analysis
•
The PKI domain does not have local certificates when you export all certificates in PKCS12
format.
•
The specified export path does not exist.
•
The specified export path is invalid.
•
The public key of the local certificate to be exported does not match the public key in the key
pair of the PKI domain.
•
The storage space of the device is full.
Solution
1. Obtain or request local certificates.
2. Use mkdir to create the required path.
3. Specify a correct export path.
4. Configure the correct key pair in the PKI domain.
5. Clear up the storage space of the device.
97