3Com Switch 8800 Family IPsec Module Configuration and Command Reference Guide
Troubleshooting Certificates
Symptom 1: Failure to Retrieve Certificates
Solution: The following conditions may cause manual CA certificate requests to fail:
1 Software
■ No trusted CA name is set.
■ The URL of the registration server is wrong or not configured. You can use the ping command to test connectivity to the server.
■ No RA is specified.
2 Hardware
■ Check the network connection for faults, such as a broken cable or loose connectors.
Symptom 2: Failure to Apply for Local Certificates
Solution: The following conditions may cause manual certificate requests to fail after you have configured the PKI domain parameters and entity DN for the security gateway and created new RSA key pairs:
1 Software
■ You do not have the CA/RA certificates before requesting a certificate.
■ No key pair has been created, or the current key pair already has a certificate.
■ No trusted CA name is specified.
■ The URL of the registration server is wrong or not configured. You can use the ping command to test connectivity to the server.
■ No RA is specified.
■ The attributes required for the entity DN are not configured. Check the CA/RA registration policy to determine which attributes are required, and then configure them.
2 Hardware
■ Check the network connection for faults, such as a broken cable or loose connectors.
Symptom 3: Failure to Retrieve CRL
Solution: The following conditions may cause CRL retrieval to fail:
1 Software
■ You do not have local certificates before retrieving the CRL.
■ The IP address of the LDAP server is not set.
■ The CRL distribution point location is not specified.
■ The LDAP server version is wrong.
2 Hardware
■ Check the network connection for faults, such as a broken cable or loose connectors.