Failed to obtain CRLs

Symptom

CRLs cannot be obtained.

Analysis

Solution

  1. Fix the network connection problems, if any.

  2. Obtain or import the CA certificate.

  3. If the URL of the CRL repository cannot be obtained, verify that the following conditions exist:

    • The URL for certificate request is valid.

    • A local certificate has been successfully obtained.

    • The local certificate contains a public key that matches the locally stored key pair.

  4. Make sure the LDAP server address is contained in the CRL repository URL, or is configured in the PKI domain.

  5. Make sure the CA server support publishing CRLs.

  6. Specify a correct source IP address that the CA server can accept. For the correct settings, contact the CA administrator.

  7. If the problem persists, contact Hewlett Packard Enterprise Support.