PKI/4/GET_CA_CHAIN_ERR

Message

PKI/4/GET_CA_CHAIN_ERR: Realm [realm-name] failed to obtain the CA certificate chain through [protocol].

Failed to obtain the CA certificate chain through the realm.

Parameter Name	Parameter Meaning
realm-name	Specifies the name of a PKI realm.
protocol	Specifies the protocol type as SCEP.

The link between the device and CA server is Down.
The PKI configuration is incorrect.
The storage space is insufficient.
The CA server is not working properly.
The CA server does not support the function of obtaining the CA certificate chain.
The CA certificate chain file does not exist in the CA server.

Run the ping command to check whether the link between the device and certificate server is reachable.
- If not, ensure that the network configurations, including interfaces and IP addresses, are correct.
- If so, go to step 2.
Run the dir command in the user view to check whether the storage space of the device is full.
- If so, run the delete command in the user view to delete unnecessary files.
- If not go to step 3.
Run the display pki realm command in any view to check whether the PKI configurations are correct, including the CA associated with the PKI realm, CA certificate subject name, URL, and digital fingerprint algorithm of the CA certificate.
- If not, modify the configurations to ensure that they are correct.
- If so, go to step 4.
Check whether the certificate function of the CA server is valid.
- If not, ensure that the certificate function of the CA server is valid and the CA server supports the function of obtaining the CA certificate chain. If the CA does not support the function of obtaining the CA certificate chain, manually download the CA certificate chain to the device.
- If so, go to step 5.
Check whether the CA certificate chain file exists in the CA server.
- If not, ensure that the CA certificate chain file exists in the CA server.
- If so, go to step 6.
Collect required information and contact technical support personnel.