[Device-pki-cert-acp-myacp] quit 
4.  Apply the SSL server policy and the certificate attribute-based access control policy to the HTTPS service, and enable the HTTPS service.
# Apply SSL server policy myssl to HTTPS service. 
[Device] ip https ssl-server-policy myssl 
# Apply certificate attribute-based access control policy myacp to HTTPS service.
[Device] ip https certificate access-control-policy myacp 
# Enable HTTPS service.  
[Device] ip https enable 
Troubleshooting PKI 
Failed to retrieve a CA certificate 
Symptom 
Failed to retrieve a CA certificate. 
Analysis 
Possible reasons include: 
•  The network connection is faulty. For example, the network cable might be damaged or loose.
•  No trusted CA is specified. 
•  The URL of the registration server for certificate request is incorrect or not configured.
•  No authority is specified for certificate request. 
•  The system clock of the switch is not synchronized with that of the CA.  
Solution 
•  Make sure that the physical network connection is sound.
•  Check that the required commands are configured properly. 
•  Use the ping command to check that the RA server is reachable. 
•  Specify the authority for certificate request. 
•  Synchronize the system clock of the switch with that of the CA.  
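The checks above as one CLI pass, given as an added example that is not part of the original manual. It assumes the Comware 5 PKI command set; the domain name example, the CA identifier myca, the address 192.0.2.10 and the URL path are constructed placeholders.

```text
# Compare the device clock with the CA's time.
<Device> display clock
# Check that the RA server is reachable.
<Device> ping 192.0.2.10
# Review the PKI domain and set whatever is missing.
<Device> system-view
[Device] pki domain example
[Device-pki-domain-example] display this
# Specify the trusted CA.
[Device-pki-domain-example] ca identifier myca
# Configure the URL of the registration server.
[Device-pki-domain-example] certificate request url http://192.0.2.10/<scep-path>
# Specify the authority for certificate request.
[Device-pki-domain-example] certificate request from ra
[Device-pki-domain-example] quit
# Retry the retrieval, then confirm that the CA certificate is stored.
[Device] pki retrieval-certificate ca domain example
[Device] display pki certificate ca domain example
```

During retrieval the device displays the CA certificate fingerprint and asks for confirmation; compare it with a value obtained from the CA out of band before answering Y.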
Failed to request a local certificate 
Symptom 
Failed to request a local certificate. 
Analysis 
Possible reasons include: 
•  The network connection is faulty. For example, the network cable might be damaged or loose.
•  No CA certificate has been retrieved. 
•  The current key pair has been bound to a certificate. 
•  No trusted CA is specified.