Failed to request local certificates
Symptom
Local certificate requests cannot be submitted.
Analysis
The network connection is down, for example, because the network cable is damaged or the connectors have bad contact.
The PKI domain does not have a CA certificate before the local certificate request is submitted.
The certificate request URL is incorrect or is not specified.
The certificate request reception authority is incorrect or is not specified.
Required PKI entity parameters are not configured or are incorrectly configured.
No key pair is specified in the PKI domain for certificate request, or the key pair is changed during a certificate request process.
Exclusive certificate request applications are running in the PKI domain.
The CA server does not accept the source IP address specified in the PKI domain, or no source IP address is specified.
The system time of the device is not synchronized with the CA server.
Solution
Fix the network connection problems, if any.
Obtain or import the CA certificate.
Use the ping command to verify that the registration server is reachable.
Use the certificate request from command to specify the correct certificate request reception authority.
Configure the PKI entity parameters as required by the registration policy on the CA or RA.
Specify the key pair for certificate request, or remove the existing key pair, specify a new key pair, and submit a local certificate request again.
Use the pki abort-certificate-request domain command to abort the certificate request.
Specify the correct source IP address that the CA server can accept. For the correct settings, contact the CA administrator.
Synchronize the system time of the device with the CA server.
If the problem persists, contact Hewlett Packard Enterprise Support.