Troubleshooting Pki Configurationtroubleshooting Pki Configuration; Failed To Obtain The Ca Certificate; Failed To Request Local Certificates - HPE FlexNetwork MSR Series Comware 5 Security Configuration Manual

Troubleshooting PKI
configurationTroubleshooting PKI configuration

Failed to obtain the CA certificate

Symptom
The CA certificate cannot be retrieved.
Analysis
•
The network connection is down because, for example, the network cable is damaged or the
connectors have bad contact.
•
No trusted CA is specified.
•
The URL of the registration server is not correct or not specified.
•
The URL of the registration server for certificate request is not correct or not specified.
•
No authority is specified for certificate request.
•
The system time of the device is not synchronized with the CA.
Solution
1. Make sure the network connection is physically proper.
2. Check that the required commands are configured correctly.
3. Use the ping command to verify that the RA server is reachable.
4. Specify the authority for certificate request.
5. Synchronize the system time of the device with the CA server.

Failed to request local certificates

Symptom
Local certificate requests cannot be submitted.
Analysis
•
The network connection is down because, for example, the network cable is damaged or the
connectors have bad contact.
•
No CA certificate has been retrieved before you submit the certificate request.
•
The current key pair has been bound to a certificate.
•
No trusted CA is specified.
•
The URL of the registration server for certificate request is not correct or not configured.
•
No authority is specified for certificate request.
•
Some required parameters of the entity DN are not configured.
Solution
1. Make sure the network connection is physically proper.
2. Retrieve a CA certificate.
3. Regenerate a key pair.
4. Specify a trusted CA.
5. Use the ping command to verify that the RA server is reachable.
262