248
{
The local certificate contains a public key that matches the locally stored key pair.
4.
Make sure the LDAP server address is contained in the CRL repository URL, or is configured in the
PKI domain.
5.
Make sure the CA server support publishing CRLs.
6.
Specify a correct source IP address that the CA server can accept. For the correct settings, contact
the CA administrator.
7.
If the problem persists, contact HP Support.
Failed to import the CA certificate
Symptom
The CA certificate cannot be imported.
Analysis
•
CRL checking is enabled, but the device does not have a locally stored CRL and cannot obtain one.
•
The specified format does not match the actual format of the file to be imported.
Solution
1.
Use
undo crl check enable
to disable CRL checking.
2.
Make sure the format of the imported file is correct.
3.
If the problem persists, contact HP Support.
Failed to import a local certificate
Symptom
A local certificate cannot be imported.
Analysis
•
The PKI domain does not have a locally stored CA certificate, and the certificate file to be imported
does not contain the CA certificate chain.
•
CRL checking is enabled, but the device does not have a locally stored CRL and cannot obtain one.
•
The specified format does not match the actual format of the file to be imported.
•
The device and the certificate do not have the local key pair.
•
The certificate has been revoked.
•
The certificate is out of the validity period.
•
The system time is wrong.
Solution
1.
Obtain or import the CA certificate.
2.
Use
undo crl check enable
to disable CRL checking, or obtain the CRL before you import
certificates.
3.
Make sure the format of the file to be imported is correct.
4.
Make sure the certificate file contains the private key.
5.
Make sure the certificate is not revoked.