1236
C
97: PKI C
HAPTER
Failed to Request a Local
Certificate
Failed to Retrieve CRLs
ONFIGURATION
Symptom
Failed to request a local certificate.
Analysis
Possible reasons include these:
The network connection is not proper. For example, the network cable may be
■
damaged or loose.
No CA certificate has been retrieved.
■
The current key pair has been bound to a certificate.
■
No trusted CA is specified.
■
The URL of the enrollment server for certificate request is not correct or not
■
configured.
No RA is configured.
■
Some required parameters of the entity DN are not configured.
■
Solution
Make sure that the network connection is physically proper.
■
Retrieve a CA certificate.
■
Regenerate a key pair.
■
Specify a trusted CA.
■
Use the ping command to check that the RA server is reachable.
■
Configure the RA for certificate request.
■
Configure the required entity DN parameters.
■
Symptom
Failed to retrieve CRLs.
Analysis
Possible reasons include these:
The network connection is not proper. For example, the network cable may be
■
damaged or loose.
No CA certificate has been retrieved before you try to retrieve CRLs.
■
The IP address of LDAP server is not configured.
■
The URL for CRL distribution is not configured.
■
The LDAP server version is wrong.
■
Solution
Make sure that the network connection is physically proper.
■
Retrieve a CA certificate.
■
Specify the IP address of the LADP server.
■
Specify the URL for CRL distribution.
■
Re-configure the LDAP version.
■