272
Failed to obtain the CA certificate
Symptom
The CA certificate cannot be obtained.
Analysis
•
The network connection is down, for example, because the network cable is damaged or the
connectors have bad contact.
•
No trusted CA is specified.
•
The certificate request URL is incorrect or not specified.
•
The system time of the device is not synchronized with the CA server.
•
The CA server does not accept the source IP address specified in the PKI domain, or no source
IP address is specified.
•
The fingerprint of the root CA certificate is illegal.
Solution
1.
Fix the network connection problems, if any.
2.
Configure the trusted CA and all other required parameters in the PKI domain.
3.
Use the
ping
command to verify that the CA server is reachable.
4.
Synchronize the system time of the device with the CA server.
5.
Specify the correct source IP address that the CA server can accept. For the correct settings,
contact the CA administrator.
6.
Verify the fingerprint of the CA certificate on the CA server.
7.
If the problem persists, contact Hewlett Packard Enterprise Support.
Failed to obtain local certificates
Symptom
The local certificates can be obtained.
Analysis
•
The network connection is down.
•
The PKI domain does not have a CA certificate before you submit the local certificate request.
•
The LDAP server is not configured or is incorrectly configured.
•
No key pair is specified for certificate request in the PKI domain, or the specified key pair does
not match the one contained in the local certificates to the obtained.
•
No PKI entity is configured in the PKI domain, or the PKI entity configuration is incorrect.
•
CRL checking is enabled, but the PKI domain does not have a CRL and cannot obtain one.
•
The CA server does not accept the source IP address specified in the PKI domain, or no source
IP address is specified.
•
The system time of the device is not synchronized with the CA server.
Solution
1.
Fix the network connection problems, if any..
2.
Obtain or import the CA certificate.
3.
Configure the correct LDAP server parameters.
Summary of Contents for 10500 series
Page 326: ...312 No duration limit for this SA ...