Failed To Import The Ca Certificate - HPE FlexNetwork 5510 HI Series Security Configuration Manual
Hide thumbs
Also See for FlexNetwork 5510 HI Series:
- Configuration manual (572 pages) ,
- Mpls configuration manual (505 pages) ,
- Layer 3 - ip routing configuration manual (486 pages)
Table of Contents
Advertisement
Analysis
•
The network connection is down, for example, because the network cable is damaged or the
connectors have bad contact.
•
No CA certificate has been obtained before you try to obtain CRLs.
•
The URL of the CRL repository is not configured and cannot be obtained from the CA certificate
or local certificates in the PKI domain.
•
The specified URL of the CRL repository is incorrect.
•
The device tries to obtain CRLs through SCEP, but experiences the following problems:
The PKI domain does not have local certificates.
The key pairs in the certificates have been changed.
The PKI domain has incorrect URL for certificate request.
•
The specified URL of the CRL repository does not contain the host name or IP address, and the
LDAP server is incorrect or is not specified in the PKI domain.
•
The CA does not issue CRLs.
•
The PKI domain is not specified with the source IP address that the CA server can accept, or is
specified with an incorrect one.
Solution
1.
Check for and fix any network connection problems.
2.
Obtain or import the CA certificate.
3.
If the URL of the CRL repository cannot be obtained, verify that the following conditions exist:
The URL for certificate request is valid.
A local certificate has been successfully obtained.
The local certificate contains a public key that matches the locally stored key pair.
4.
Make sure the LDAP server address is contained in the CRL repository URL, or is configured in
the PKI domain.
5.
Make sure the CA server support publishing CRLs.
6.
Specify a correct source IP address that the CA server can accept. For the correct settings,
contact the CA administrator.
7.
If the problem persists, contact Hewlett Packard Enterprise Support.
Failed to import the CA certificate
Symptom
The CA certificate cannot be imported.
Analysis
•
CRL checking is enabled, but the device does not have a locally stored CRL and cannot obtain
one.
•
The specified format does not match the actual format of the file to be imported.
Solution
1.
Use undo crl check enable to disable CRL checking.
2.
Make sure the format of the imported file is correct.
3.
If the problem persists, contact Hewlett Packard Enterprise Support.
256
- Quick Links:
- Radius
Hide quick links:
Advertisement
Table of Contents
Troubleshooting
