2 Configure the certificate attribute-based access control policy
# Create the certificate attribute-based access control policy myacp and add 
two access control rules.
[Switch] pki certificate access-control-policy myacp
[Switch-pki-cert-acp-myacp] rule 1 deny mygroup1
[Switch-pki-cert-acp-myacp] rule 2 permit mygroup2
[Switch-pki-cert-acp-myacp] quit 
3 Apply the SSL server policy and the certificate attribute-based access control 
policy to the HTTPS service, and enable the HTTPS service.
# Apply the SSL server policy myssl to the HTTPS service.
[Switch] ip https ssl-server-policy myssl 
# Apply the certificate attribute-based access control policy myacp to the HTTPS 
service.
[Switch] ip https certificate access-control-policy myacp 
# Enable the HTTPS service.
[Switch] ip https enable 
Troubleshooting PKI
Failed to Retrieve a CA Certificate
Symptom
Failed to retrieve a CA certificate.
Analysis
Possible reasons include the following:
■ The network connection is faulty. For example, the network cable may be 
damaged or loose.
■ No trusted CA is specified.
■ The URL of the enrollment server for certificate request is incorrect or not 
configured.
■ No RA is specified.
■ The system clock of the device is not synchronized with that of the CA.
Solution
■ Make sure that the physical network connection is sound.
■ Check that the required commands are configured properly.
■ Use the ping command to check that the RA server is reachable.
■ Configure the RA for certificate request.
■ Synchronize the system clock of the device with that of the CA.