Operation Manual – PKI
H3C S5500-EI Series Ethernet Switches
1.13.2 Failed to Request a Local Certificate
I. Symptom
Failed to request a local certificate.
II. Analysis
Possible reasons include:
- The network connection is faulty. For example, the network cable may be damaged or loose.
- No CA certificate has been retrieved.
- The current key pair has been bound to a certificate.
- No trusted CA is specified.
- The URL of the enrollment server for certificate request is incorrect or not configured.
- No RA is configured.
- Some required parameters of the entity DN are not configured.
III. Solution
- Make sure that the physical network connection is sound.
- Retrieve a CA certificate.
- Regenerate a key pair.
- Specify a trusted CA.
- Use the ping command to check that the RA server is reachable.
- Configure the RA for certificate request.
- Configure the required entity DN parameters.
1.13.3 Failed to Retrieve CRLs
I. Symptom
Failed to retrieve CRLs.
II. Analysis
Possible reasons include:
- The network connection is faulty. For example, the network cable may be damaged or loose.
- No CA certificate has been retrieved before you try to retrieve CRLs.
- The IP address of the LDAP server is not configured.
- The URL for CRL distribution is not configured.
- The LDAP server version is wrong.
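Several causes listed in 1.13.2 and 1.13.3 are visible in the saved configuration and can be checked offline before retrying. The Python below is an added example, not part of the H3C manual: the sub-command names are assumed Comware syntax, the configuration excerpt is constructed, and `common-name` is assumed to be the required entity DN field.

```python
# Constructed sample (made-up names) in the style of a saved Comware config.
SAMPLE_CONFIG = """\
pki entity sw1
 organization example
#
pki domain lab
 ca identifier labca
 certificate request from ra
 certificate request entity sw1
 crl url ldap://192.0.2.10/cn=labca
"""

# Sub-command prefix (assumed Comware syntax) -> cause from the manual's lists.
DOMAIN_CHECKS = [
    ("ca identifier", "No trusted CA is specified"),
    ("certificate request url", "Enrollment server URL is not configured"),
    ("certificate request from", "No RA is configured"),
    ("ldap-server ip", "IP address of LDAP server is not configured"),
    ("crl url", "URL for CRL distribution is not configured"),
]

def parse_sections(text):
    """Map each top-level command to the indented sub-commands under it."""
    sections, current = {}, None
    for line in text.splitlines():
        if line.strip() in ("", "#"):
            current = None
        elif not line[0].isspace():
            current = line.strip()
            sections[current] = []
        elif current is not None:
            sections[current].append(line.strip())
    return sections

def has(cmds, prefix):
    return any(c == prefix or c.startswith(prefix + " ") for c in cmds)

def preflight(text, domain):
    """List config-visible causes for one PKI domain (common-name assumed required)."""
    sections = parse_sections(text)
    dom = sections.get(f"pki domain {domain}")
    if dom is None:
        return [f"PKI domain {domain} is not defined"]
    findings = [msg for prefix, msg in DOMAIN_CHECKS if not has(dom, prefix)]
    entity = next((c.split()[-1] for c in dom
                   if c.startswith("certificate request entity ")), None)
    if not has(sections.get(f"pki entity {entity}", []), "common-name"):
        findings.append("Required entity DN parameters are not configured")
    return findings
```

Causes that depend on runtime state (cabling, whether the CA certificate has been retrieved, whether the key pair is already bound to a certificate) do not appear in the configuration and still have to be checked on the device.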
Chapter 1 PKI Configuration