HP Comware 5 Debug Manual Vol 3

ManualsBrandsHP ManualsNetwork HardwareHP HSR6804 Router Chassis

221

222

223

224

225

226

227

228

229

230

O=hhh

OU=software

CN=sec

Verify result: ok

[Sysname]

%Aug 8 11:28:00:266 2006 Sysname PKI/4/Verify_Cert:Verify certificate CN=sec,OU=sof

tware,O=hhh,C=cn of the domain crt successfully.

*0.759266 Sysname PKI/7/PKI_Debug:Check the last certificate self signed.

*0.759282 Sysname PKI/7/PKI_Debug:Lookup certificate issuers and push into chain

*0.759282 Sysname PKI/7/PKI_Debug:Check certificates purpose.

*0.759282 Sysname PKI/7/PKI_Debug:Check certificates trust.

*0.759297 Sysname PKI/7/PKI_Debug:Verify certificate chain.

// The CA certificate passed validation.

#Enable PKI error debugging. When an incorrect URL is specified for certificate retrieval, output similar

to the following example is generated:

<Sysname> debugging pki error

[Sysname] pki retrieval-certificate ca domain crt

Retrieving CA/RA certificates. Please wait a while......

Get CA/RA certificates error.

[Sysname]

%Aug 21 10:35:15:766 2006 Sysname PKI/4/CA_Cert_Retrieval:Fail to retrieval CA

certificates of the domain crt.

*Aug 21 10:35:15:766 2006 Sysname PKI/7/PKI_Debug:SCEP receive message: Server returned

status code 200

*Aug 21 10:35:15:766 2006 Sysname PKI/7/PKI_Debug:SCEP receive message: wrong MIME content

type

*Aug 21 10:35:15:766 2006 Sysname PKI/7/PKI_Debug:Error while sending message

// The SCEP message received from the CA states that the URL is incorrect.

[Sysname-pki-domain-crt] display this

pki domain crt

ca identifier rsaSysname

certificate request url http://4.4.4.133:446/6953bf7fb5b1cf514376243ce67ebed12

certificate request from ca

certificate request entity crt

certificate request polling interval 5

certificate request polling count 5

certificate request mode auto password simple kkk

crl url http://4.4.4.133:447/security%20rsa.crl

ldap-server ip 4.4.4.133

return

[Sysname-pki-domain-crt] certificate request url

http://4.4.4.133:446/6953bf7fb5b1cf514376243ce67ebed1209c292a

[Sysname-pki-domain-crt] quit

[Sysname] pki retrieval-certificate ca domain crt

Retrieving CA/RA certificates. Please wait a while......

219