Failed to obtain local certificates
Symptom
The local certificates can be obtained.
Analysis
The network connection is down.
The PKI domain does not have a CA certificate before you submit the local certificate request.
The LDAP server is not configured or is incorrectly configured.
No key pair is specified for certificate request in the PKI domain, or the specified key pair does not match the one contained in the local certificates to the obtained.
No PKI entity is configured in the PKI domain, or the PKI entity configuration is incorrect.
CRL checking is enabled, but the PKI domain does not have a CRL and cannot obtain one.
The CA server does not accept the source IP address specified in the PKI domain, or no source IP address is specified.
The system time of the device is not synchronized with the CA server.
Solution
Fix the network connection problems, if any..
Obtain or import the CA certificate.
Configure the correct LDAP server parameters.
Specify the key pair for certificate request, or remove the existing key pair, specify a new key pair, and submit a local certificate request again.
Check the registration policy on the CA or RA, and make sure the attributes of the PKI entity meet the policy requirements.
Obtain the CRL from the CRL repository.
Specify the correct source IP address that the CA server can accept. For the correct settings, contact the CA administrator.
Synchronize the system time of the device with the CA server.
If the problem persists, contact Hewlett Packard Enterprise Support.