Failed to obtain local certificates
Symptom
No local certificates can be obtained.
Analysis
The network connection is down.
No CA certificate has been obtained before you try to obtain local certificates.
The LDAP server is not configured or is incorrectly configured.
No key pair is specified for the PKI domain for certificate request, or the specified key pair does not match the local certificates to the obtained.
The PKI domain does not reference the PKI entity configuration, or the PKI entity configuration is incorrect.
CRL checking is enabled, but CRLs do not exist locally or CRLs cannot be obtained.
The CA server does not accept the source IP address specified in the PKI domain, or the source IP address is incorrect.
The system time of the device is not synchronized with the CA server.
Solution
Check for and fix any network connection problems.
Obtain or import the CA certificate.
Configure the correct LDAP server.
Specify the key pair used for certificate request in the PKI domain, or remove the existing key pair and submit a certificate request again.
Check the registration policy on the CR or RA, and make sure the attributes of the PKI entity meet the policy requirements.
Obtain the CRL from the CRL repository.
Specify the correct source IP address that the CA server can accept. For the correct settings, contact the CA administrator.
Synchronize the system time of the device with the CA server.
If the problem persists, contact Hewlett Packard Enterprise Support.