Skip to end of metadata
Go to start of metadata

Error Code 43001

Problem
Failed to process request - certification profile attributes not found

Reason
This problem occurs when the certification profile does not find some or any of the attribute from the certification request or database.

Solution
Edit the specified profile using the ADSS Server Console and click the Update button so that all attributes can be stored in the database. Restart the certification service for the changes to take into effect.

Error Code 43002 

Problem
Failed to process request - certificate alias is missing in the request

Reason
This problem occurs when the alias is missing for the CREATE, REVOKE, RECOVER, CHANGEPASSWORD, RENEW, DELETE requests.

Note that this error only occurs when the request is sent over the Ascertia's XML protocol. You do not need to specify the alias for the CREATE request over CMC protocol.

Solution
Following are the possible solutions to this problem:

  • Provide the alias if it is a CREATE request
  • While you can also provide the certificate in the request if it is other than CREATE request

Error Code 43003 

Problem
Failed to process request - the request contains insufficient information

Reason
This problem occurs when any of the mandatory information is missing in any of the certification request types. e.g. old or new password is missing in the ChangePassword request.

Solution
Provide the missing information in the request in order to successfully process the request

Error Code 43004 

Problem
Failed to process request - the request contains an invalid old password for PKCS#12/PFX

Reason
This error occurs when the incorrect old password is provided in the ChangePassword request.

Solution
Provide the correct old password while processing the ChangePassword request to change the password of the PFX/PKCS#12

Error Code 43005 

Problem
Failed to verify PKCS#10 certificate a request

Reason
This error occurs when incorrect PKCS#10 is sent to ADSS Certification Service

Solution
|Provide the correct/valid PKCS#10 file in request to ADSS Certification Service

Error Code 43006 

Problem
Failed to process request - certificate alias does not belong to the specified client

Reason
This error occurs when the user specifies an alias in the REVOKE, RENEW, REVOKE, CHANGEPASSWORD, or RECOVER request and that certificate is issued by another client.

Solution
Provide the correct client in above mentioned requests if you want to proceed with any action

Error Code 43007 

Problem
Failed to process request - certificate does not belong to the specified client

Reason
This error occurs when the user puts the certificate in the REVOKE, RENEW, REVOKE, CHANGEPASSWORD, or RECOVER request and that certificate is issued by another client.

Solution
Provide the correct client in above mentioned requests if you want to proceed with any action

Error Code 43008 

Problem
Failed to process request - a certificate with ACTIVE status cannot be deleted

Reason
If "ENABLE_VALID_CERTIFICATE_DELETION" is set to FALSE in [ADSS-Server-Installation-Dir.]/conf/system.properties file then you can not delete a certificate issued by the local CA but a certificate issued by external CA can be deleted regardless of this property.

Solution
Following are the possible solutions to this problem:

  • Revoke the certificate instead of deleting if you do not wish to use this certificate anymore
  • If you wish to remove this certificate from the ADSS Server then set the "ENABLE_VALID_CERTIFICATE_DELETION" property to TRUE in [ADSS-Server-Installation-Dir.]/conf/system.properties file and restart the ADSS Server Service instance from Windows Services Panel or UNIX daemon to take the changes into effect and then execute the DELETE request.

Error Code 43009 

Problem
An internal error occurred while processing the request - see the certification service debug logs for details

Reason
This error occurs when any unseen event occurs while processing any type of certificate request.

Solution
Make sure that database and network are available and then retry with the request.

Error Code 43011 

Problem
Failed to process request - requested certificate alias already exists

Reason
This error occurs while processing the certificate creation request if certificate alias provided in the request already exists in the ADSS Certification Service.

Solution
Provide a different certificate alias to identify each certificate uniquely.

Error Code 43012 

Problem
Failed to delete certificate - see the certification service debug logs for details

Reason
This error occurs when the system fails to delete a certificate due any unseen affair. e.g. database became unavailable while deleting the certificate etc

Solution
Make sure that database and network is available and then retry to delete the certificate (NR)

Error Code 43013

Problem
An internal error occurred while authenticating/authorising the client request - see the certification service debug logs for details

Reason
This error occurs when the system is unable to authenticate the user request.

Solution
You need to make sure that:

  • The Client name is correct
  • Profile name is correct. It should be in the format adss:certification:profile:001 (NR)

Error Code 43014 

Problem
Failed to process request - certification service license is expired

Reason
This error occurs when the license for the service is expired. Expiry based on two factors, either the specified transactions count in the license is reached or the contractual time is elapsed.

Solution
Ask Ascertia Ltd. for a renewed license at: sales@ascertia.com.

Error Code 43015 

Problem
Failed to process request - certification service is stopped

Reason
This error occurs when certification service is stopped.

Solution
Start the certification service from Service Manager to entertain the certification service requests.
Note that if no certification profile exists in the system then service will not be started. You need to create a certification profile in order to start the service.

Error Code 43016 

Problem
Failed to process request - certification service is not enabled in license

Reason
This error occurs when you send a certification request to the service and it is not licensed according to the contract.

Solution
If you wish to enable this service in the license then contact Ascertia Ltd. at: sales@ascertia.com

Error Code 43017 

Problem
Failed to process request - a valid subject DN could not be composed

Reason
This error occurs when all attributes in Subject Distinguished Name field in certification profile is set overridable and the client does not provide any RDN in the request

Solution
Provide the subject DN in the certification request to get the certificate issued

Error Code 43018 

Problem
Failed to revoke certificate - see the certification service debug logs for details

Reason
This error occurs when the system fails to revoke a certificate due to any unseen affair. e.g. database became unavailable while inserting the revocation information etc

Solution
Make sure that database and network is available and then retry to revoke the certificate (NR)

Error Code 43019 

Problem
Failed to process request - the request must be signed

Reason
This error occurs when "Client request messages must be signed" checkbox is checked on the Certification Service > Service Manager page and client request is unsigned.

Solution
The solution to this problem is to send a signed certification request and the issuer of the signer certificate must be trusted in ADSS Server.

Error Code 43020

Problem
Failed to verify certification request signature

Reason

Solution

Error Code 43021 

Problem
Failed to process request - the request does not comply with Ascertia certification XML schema

Reason
This error occurs when user send the request to the certification and it is not according to the Ascertia's XML schema.

Solution
Make the request according to the schema. The schema for the certification service can be found at: <ADSS-Server-Installation-Dir.>/service/schemas directory.

Error Code 43022 

Problem
Failed to process request - certificate issued by an external CA cannot be revoked

Reason
This error occurs when the user tries to revoke a certificate that is issued by an external CA. External CA could be another instance of ADSS Server or Microsoft CA. You can not revoke a certificate in either case.

Solution
Send a direct revocation request to the ADSS Server or Microsoft CA because if front end ADSS Server revokes a certificate, it will not become the part of CRL.

Error Code 43023 

Problem
Failed to process request - certificate is already revoked

Reason
This error occurs when the user tries to revoke and already revoked the certificate.

Solution
Do not revoke the certificate anymore

Error Code 43024

Problem
Failed to change PKCS#12/PFX password - see the certification service debug logs for details

Reason
This error occurs when system fails to change the password of a certificate due any unseen affair. e.g. database became unavailable while updating the record after changing the password of PFX etc.

Solution
Make sure that database and network is available and then retry to change the password the PFX (NR)

Error Code 43025

Problem
Failed to process request - certificate issued by an external CA cannot be renewed

Reason

Solution

Error Code 43026 

Problem
Failed to process request - revoked certificate cannot be renewed

Reason
This error occurs when the user tries to renew a revoked certificate

Solution
Possible for this problem could be:

  • Reinstate the certificate if it is revoked with holdInstructionCode and then try to renew
  • Get a new certificate issued by the certification service

Error Code 43027 

Problem
Failed to process request - PKCS#10 CSR does not comply with the certification profile

Reason
This error occurs when the client application is sending a PKCS#10 CSR and it not compliant with certification profile e.g.

  • Key algorithm configured in the profile is different than the PKCS#10 algorithm. Also it is not marked as overridable.
  • Key size configured in the profile is different than the PKCS#10 key size. Also it is not marked as overridable.
  • Validity period configured in the profile is different than the PKCS#10 validity period. Also it is not marked as overridable.

Solution
Either send a PKCS#10 request according to the profile or mark the End-entity Key Type, End-entity Key Size and Validity Period overridable.

Error Code 43029

Problem
Failed to renew certificate the old key pair does not exist

Reason

Solution

Error Code 43030

Problem
Failed to save certificate in database - see the certification service debug logs for details

Reason
This error occurs when system fails to insert the record after certificate generation in database. e.g. database became unavailable while inserting the certificate etc

Solution
Make sure that database and network is available and then retry to generate the certificate (NR)

Error Code 43031 

Problem
Failed to process request - certificate is already on hold

Reason
This error occurs when one tries to revoke a certificate with holdInstructionCode that is already revoked with holdInstructionCode.

Solution
If you want to revoke this certificate permanently then use some other revocation reason code and if you want to make it active then send revoke request with removeFromCRL revocation reason.

Error Code 43032 

Problem
Failed to process request - certificate is not revoked

Reason
This error occurs when one tries to remove a certificate from the CRL with revocation reason "removeFromCRL" and the certificate is not in the CRL.

Solution
Nothing

Error Code 43033 

Problem
Failed to process request - invalid revocation reason or hold instruction code

Reason
This error occurs when the user is specifying an invalid revocation or hold instruction code in the certification request

Solution
Provide correct revocation or hold instruction code in the revocation request. Follow the link for correct revocation and hold instruction codes: Revocation Reason Codes

Error Code 43034 

Problem
Failed to process request - PKCS#12/PFX is not found in the database

Reason
This error occurs when PKCS#12 is not found in the database while renewing a certificate

Solution
This certificate cannot be renewed.

Error Code 43035 

Problem
Failed to process request - the request does not contain PKCS#12/PFX password

Reason
This error occurs when you are renewing a certificate and "Renew certificate using existing key pair" option is selected in the profile

Solution
Following are the possible solutions to this problem:

  • Provide the PFX is the request in order to renew the certificate or
  • Renew a certificate with a new key pair by selecting the option " Renew certificate using new key pair" in the profile

Error Code 43036

Problem
Invalid or unsupported CMC request type

Reason

Solution

Error Code 43037

Problem
Failed to generate serial number for CMC certificate - see the certification service debug logs for details

Reason
This problem occurs when ADSS Server fails to generate serial number for a CMC request certificate due to any internal error.

Solution
Restart the ADSS Certification Service from Service Manager and then resend the request for certification generation.

Error Code 43038

Problem
Failed to process request - issuer DN in the request does not match with issuer DN found in the certificate

Reason
This error occurs when issuer DN specified in the CMC revocation request does not match with the issuer DN found in the target certificate.

Solution
Correct the issuer DN in the request.

Error Code 43039 

Problem
Failed to process request - expired certificate cannot be revoked

Reason
This error occurs when the client tries to revoke an expired certificate

Solution
You can delete an expire certificate but can revoke it so send the DELETE request to the service if you do not want to keep within the system

Error Code 43040 

Problem
Failed to process request - revoked certificate cannot be renewed

Reason
This error occurs when the user tries to renew a revoked certificate

Solution
Possible for this problem could be:

  • Reinstate the certificate if it is revoked with holdInstructionCode and then try to renew
  • Get a new certificate issued by the certification service

Error Code 43041 

Problem
Failed to process request - Manage CAs module is not enabled in license

Reason
This error occurs when Manage CAs module that used to configure the CAs is not enabled in the license. If this module is not licensed then certification service cannot generate the certificate.

Solution
Ask Ascertia Ltd. for new license at sales@ascertia.com that have Manage CAs module enabled.

Error Code 43042 

Problem
Failed to authorise request - given profile is not allowed to the client

Reason
This error occurs when profile given in the certification request is not assigned to the client specified in the request.

Solution
There are two possible solutions to this error:

  • Use any of the profile that is assigned to the specified client
  • Assign this profile to this client from Client Manager if deemed necessary

Error Code 43043

Problem
Failed to authenticate client - SSL client authentication certificate does not match with the configured client authentication certificate

Reason
This error occurs when the user is sending the certification request over SSL client authentication and that certificate is different from the one configured in the Client Manager module for the target client.

Solution
Following are the possible solutions to this problem:

  • Use the correct SSL client authentication certificate that is configured in the Client Manager
  • Send the request over plain HTTP protocol using 8777 port

Error Code 43045

Problem
Invalid CMC enrolment request contents

Reason

Solution

Error Code 43046

Problem
Invalid CMC revocation request contents

Reason

Solution

Error Code 43047

Problem
Invalid PKCS#10 certificate signing request

Reason

Solution

Error Code 43048

Problem
Failed to process request - PKCS#10 CSR is missing in the request

Reason
This error occurs when certification profile is configured to accept PKCS#10 ($pkcs10 is set in the Subject Distinguished Name field of certification profile) from the client application and client does not provide the PKCS#10 in the certification request. Follow the link for more details to set the Subject Distinguished Name: Certification Service > Certification Profile

Solution
Provide the PKCS#10 in the certification request to issue the certificate

Error Code 43049 

Problem
Failed to process request - CA configured in the requested profile is inactive

Reason
This error occurs when the CA configured in the target certification profile is marked as inactive because an inactive CA cannot issue the certificates

Solution
Use a different profile in which an active CA is configured

Error Code 43050

Problem
Failed to authorise request - certification service is not allowed to this client

Reason
This error occurs when "Allow this client to access the ADSS Certification Service" in unchecked for the client specified in the request in Client Manager module

Solution
The solution to this problem is to check the above mentioned checkbox in Client Manager module, then restart the ADSS Certification Service for the changes to take into effect and then send the certification request.

Error Code 43051

Problem
Failed to process request - a certificate with NotYetValid status cannot be revoked

Reason
This error occurs when the user tries to revoke a certificate whose Valid From date is in future.

Solution
You need to wait for the certificate to get it validated.

Error Code 43052

Problem
Failed to process request - a certificate with NotYetValid status cannot be deleted

Reason
This error occurs when ENABLE_VALID_CERTIFICATE_DELETION = FALSE in [ADSS-Server-Dir.]/conf/system.properties file. It means that one cannot delete a valid certificate with status ACTIVE and NotYetValid. You can only delete the certificates with EXPIRE status

Solution
Following are the possible solutions for this problem:

  • Set the property ENABLE_VALID_CERTIFICATE_DELETION = TRUE in [ADSS-Server-Dir.]/conf/system.properties file -  restart the ADSS Server Service instance from the Windows Services Panel or UNIX daemon for the changes to take into effect and then send the DELETE request.
  • You can either revoke the certificate

Error Code 43053 

Problem
Failed to process request - certification service is not enabled in the system

Reason
This error occurs when property ENABLE_SERVICE = FALSE in [ADSS-Server-Dir.]/service/certification.properties file.

Solution
Set the property ENABLE_SERVICE = TRUE in [ADSS-Server-Dir.]/service/certification.properties file if you wish to enable this service.

Error Code 43054 

Problem
Failed to process request - key size is not supported

Reason
This error occurs when key size provided in the certification request is not supported by the ADSS Server.

Solution
Following are the supported key sizes by ADSS Server:

  • RSA: 1024, 2048, 3072, 4096
  • ECDSA: 192, 224, 256, 384, 521

Error Code  43055

Problem
Failed to authorise request - certification profile is inactive

Reason
This error occurs when the profile specified in the request is marked inactive. This error could also occur if no profile is specified in the request but default profile in the target client is marked as inactive.

Solution
Use any of the active profile

Error Code 43056

Problem
Failed to authorise request - certification profile does not exist

Reason 

This problem occurs when the certification profile specified in the request does not exist on ADSS Server.

Solution
Following are the possible resolutions for this problem:

  • Verify that profile ID/name is not misspelled. Profile ID should be in the format "adss:certification:profile:000"
  • Ask ADSS Server Console operator to create a new certification profile that you are using or
  • Use any of the existing certification profile in the request

Error Code 43058 

Problem
Failed to process request - subject DN in the request does not match subject DN pattern defined in certification profile

Reason
This error occurs when the checkbox "" is checked in the certification profile. When this checkbox is checked then service verifies that subject DN provided in the request matches the subject DN pattern defined in certification profile. Follow the link for more details about pattern matching: Certification Service > Certification Profile

Solution
Send the certification request according to the pattern defined in the target certification profile in order to get the certificate issued.

Error Code 43059 

Problem
Failed to process request - subject DN is missing in the request

Reason
This error occurs when certification profile is configured to accept any subject DN ($request is set in the Subject Distinguished Name field of certification profile) from the client application and client does not provide the subject DN in request. Follow the link for more details to set the Subject Distinguished Name: Certification Service > Certification Profile

Solution
Provide the subject DN in the certification request to issue the certificate.

Error Code 43060 

Problem
Failed to process request - default profile not configured and neither found in the request

Reason
This error occurs when no default certification profile is configured in the target client and neither provided through certification request.

Solution
Either configure a default profile against the target client or provide the profile ID/name in the certification request. Certification profile ID format is "adss:certification:profile:000" 

Error Code 91011 

Problem
Failed to process request - Requested certificate does not comply with CAs Certificate Policies

Reason
This error occurs when target certificate is expected to have a certificate policy which does not comply with CA's Certificate Policies.

Solution
Make sure that the target certificate template includes a policy which comply with CA's Certificate Policy. In order to define certificate policies consider below: 

Once policy is explicitly defined at 2nd level, all certificates below shall contain only valid policies. In other words, child CAs may define all or subset of policies defined in the 2nd level CA certificate. Certificates below cannot extend this list.

For further details on certificate policy validations see RFC 5280 Section 6.

  • No labels