Solution, Failed to retrieve crls, Symptom – H3C Technologies H3C SecBlade LB Cards User Manual
• The network connection is not proper. For example, the network cable might be damaged or loose.
• No CA certificate has been retrieved.
• The current key pair has been bound to a certificate.
• No trusted CA is specified.
• The URL of the registration server for certificate request is not correct or not configured.
• No authority is specified for certificate request.
• Some required parameters of the entity DN are not configured.
Solution
1. Make sure the network connection is physically proper.
2. Retrieve a CA certificate.
3. Regenerate a key pair.
4. Specify a trusted CA.
5. Use the ping command to verify that the RA server is reachable.
6. Specify the authority for certificate request.
7. Configure the required entity DN parameters.
Failed to retrieve CRLs
Symptom
Failed to retrieve CRLs.
Analysis
Possible reasons include:
• The network connection is not proper. For example, the network cable might be damaged or loose.
• No CA certificate has been retrieved before you try to retrieve CRLs.
• The IP address of the LDAP server is not configured.
• The CRL distribution URL is not configured.
• The LDAP server version is wrong.
• The domain name of the CRL distribution point failed to be resolved.
Solution
1. Make sure the network connection is physically proper.
2. Retrieve a CA certificate.
3. Specify the IP address of the LDAP server.
4. Specify the CRL distribution URL.
5. Re-configure the LDAP version.
6. Configure the correct DNS server that can resolve the domain name of the CRL distribution point.
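The CRL-retrieval causes above that can be tested from an administrator's workstation (URL configured, name resolution, server reachability) can be checked in order with a short script. This is an added example, not part of the H3C manual; the function names are hypothetical, the sample URL is constructed, and it assumes the distribution point uses HTTP or LDAP on the default port unless the URL names one.

```python
import socket
from urllib.parse import urlsplit

DEFAULT_PORTS = {"http": 80, "ldap": 389}  # assumption: CRLs are published over HTTP or LDAP

def resolve(host):
    """Return the IP addresses a name resolves to (empty list on failure)."""
    try:
        return sorted({ai[4][0] for ai in socket.getaddrinfo(host, None)})
    except socket.gaierror:
        return []

def can_connect(ip, port, timeout=3.0):
    """True if a TCP connection to ip:port succeeds within the timeout."""
    try:
        with socket.create_connection((ip, port), timeout=timeout):
            return True
    except OSError:
        return False

def diagnose_cdp(url, resolve=resolve, can_connect=can_connect):
    """Check a CRL distribution URL step by step; stop at the first failure.

    Returns a list of (check, ok, detail) tuples in the order they were run.
    """
    if not url or not url.strip():
        return [("url configured", False, "CRL distribution URL is empty")]
    parts = urlsplit(url.strip())
    if parts.scheme not in DEFAULT_PORTS or not parts.hostname:
        return [("url configured", False, f"unsupported or malformed URL: {url!r}")]
    results = [("url configured", True, parts.scheme)]
    port = parts.port or DEFAULT_PORTS[parts.scheme]
    ips = resolve(parts.hostname)
    if not ips:  # matches "domain name of the CRL distribution point failed to be resolved"
        results.append(("name resolves", False, f"cannot resolve {parts.hostname}"))
        return results
    results.append(("name resolves", True, ", ".join(ips)))
    reachable = [ip for ip in ips if can_connect(ip, port)]
    results.append(("server reachable", bool(reachable),
                    f"port {port} open on {reachable}" if reachable
                    else f"no TCP connection to port {port}"))
    return results

if __name__ == "__main__":
    # Constructed sample URL; substitute the distribution point configured on the device.
    for check, ok, detail in diagnose_cdp("ldap://crl.example.test/cn=ca,o=example"):
        print(f"{'OK  ' if ok else 'FAIL'} {check}: {detail}")
```

A pass from the workstation does not prove the device itself can reach the server; it only rules out a wrong URL, a missing DNS record, or a server that is down.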
Configuration guidelines
When you configure PKI, follow these guidelines: