Troubleshooting pki, Failed to retrieve a ca certificate, Symptom – H3C Technologies H3C WX6000 Series Access Controllers User Manual
Page 664: Analysis, Solution, Failed to request a local certificate
68-17
3) Configure the certificate attribute-based access control policy
# Create the certificate attribute-based access control policy of myacp and add two access control
rules.
[AC] pki certificate access-control-policy myacp
[AC-pki-cert-acp-myacp] rule 1 deny mygroup1
[AC-pki-cert-acp-myacp] rule 2 permit mygroup2
[AC-pki-cert-acp-myacp] quit
4) Apply the SSL server policy and certificate attribute-based access control policy to HTTPS service
and enable HTTPS service.
# Apply SSL server policy myssl to HTTPS service.
[AC] ip https ssl-server-policy myssl
# Apply the certificate attribute-based access control policy of myacp to HTTPS service.
[AC] ip https certificate access-control-policy myacp
# Enable HTTPS service.
[AC] ip https enable
Troubleshooting PKI
Failed to Retrieve a CA Certificate
Symptom
Failed to retrieve a CA certificate.
Analysis
Possible reasons include these:
z
The network connection is not proper. For example, the network cable may be damaged or loose.
z
No trusted CA is specified.
z
The URL of the enrollment server for certificate request is not correct or not configured.
z
No RA is specified.
z
The system clock of the AC is not synchronized with that of the CA.
Solution
z
Make sure that the network connection is physically proper.
z
Check that the required commands are configured properly.
z
Use the ping command to check that the RA server is reachable.
z
Configures the RA for certificate request.
z
Synchronize the system clock of the AC with that of the CA.
Failed to Request a Local Certificate
Symptom
Failed to request a local certificate.
Analysis
Possible reasons include these:
z
The network connection is not proper. For example, the network cable may be damaged or loose.
z
No CA certificate has been retrieved.