R3721-F3210-F3171-HP High-End Firewalls VPN Configuration Guide-6PW101
319
• Synchronize the system clock of the device with that of the CA.
Failed to request a local certificate
Symptom
Failed to request a local certificate.
Analysis
Possible reasons include:
• The network connection is not proper. For example, the network cable might be damaged or loose.
• No CA certificate has been retrieved.
• The current key pair has been bound to a certificate.
• No trusted CA is specified.
• The URL of the registration server for certificate request is not correct or not configured.
• No authority is specified for certificate request.
• Some required parameters of the entity DN are not configured.
Solution
• Make sure that the network connection is physically proper.
• Retrieve a CA certificate.
• Regenerate a key pair.
• Specify a trusted CA.
• Use the ping command to check that the RA server is reachable.
• Specify the authority for certificate request.
• Configure the required entity DN parameters.
Failed to retrieve CRLs
Symptom
Failed to retrieve CRLs.
Analysis
Possible reasons include:
• The network connection is not proper. For example, the network cable might be damaged or loose.
• No CA certificate has been retrieved before you try to retrieve CRLs.
• The IP address of LDAP server is not configured.
• The CRL distribution URL is not configured.
• The LDAP server version is wrong.
Solution
• Make sure that the network connection is physically proper.
• Retrieve a CA certificate.
• Specify the IP address of the LDAP server.
• Specify the CRL distribution URL.