IKYP031E

Explanation
PKI Services is reading
the CertPolicy section of its configuration file (pkiserv.conf)
to find the signing algorithm. One of the following conditions occurred: The CA certificate key type does not match the signature algorithm
you specified with the SigAlg1 value in the CertPolicy section
of the pkiserv.conf configuration file.
The OID corresponding to the specified algorithm in the OIDs section
is incorrect or is not specified at all.

System action
PKI Services stops.

System programmer response
Make sure the SigAlg1 value
in the CertPolicy section and its corresponding OID value in
the OIDs section are correct and compatible with the CA certificate's
key type.
If the CA certificate key type is RSA, specify the SigAlg1 algorithm
value as one of the following:sha-1WithRSAEncryption (OID value 1.2.840.113549.1.1.5)
sha-256WithRSAEncryption (OID value 1.2.840.113549.1.1.11)
sha-384WithRSAEncryption (OID value 1.2.840.113549.1.1.12)
sha-512WithRSAEncryption (OID value 1.2.840.113549.1.1.13)
sha-224WithRSAEncryption (OID value 1.2.840.113549.1.1.14)
md-5WithRSAEncryption  (OID value 1.2.840.113549.1.1.4)
md-2WithRSAEncryption  (OID value 1.2.840.113549.1.1.2)

If the CA certificate key type is DSA, specify the SigAlg1 algorithm
value as follows:id-dsa-with-sha1 (OID value 1.2.840.10040.4.3)

If the CA certificate key type is ECC, specify the SigAlg1 algorithm
value as follows:ecdsa-with-sha1 (OID value 1.2.840.10045.4.1)
ecdsa-with-sha224 (OID value 1.2.840.10045.4.3.1)
ecdsa-with-sha256 (OID value 1.2.840.10045.4.3.2)
ecdsa-with-sha384 (OID value 1.2.840.10045.4.3.3)
ecdsa-with-sha512 (OID value 1.2.840.10045.4.3.4)

Correct the configuration values, and restart PKI Services. For more
information, see Updating the signature algorithm.