Messages and codes returned from the CMP functions

Most messages are returned to the caller as a CMP error response. In addition, all messages are echoed to the CGI program error log in the format:
date time pkicmp-> function: (error code) message text
For example:
Wed Oct 28 09:34:12 2009 pkicmp->processNotDays: (577) NotBefore date supplied is invalid(date is before today).
Table 1. CMP error codes
Error code Explanation
 
Note: Error codes 06 - 99 are the reason codes from the RACF® IRRSPX00 callable service.
06 Request queue serialization timeout occurred.
08 Request denied, not authorized.
12 An internal error has occurred during RACF processing.
20 Function code specified is not defined.
28 Certificate generation provider not available for specified CA domain.
32 Incorrect value specified for CA domain.
40 Incorrect Reason Specified.
52 Parameter has an incorrect value.
56 Required field is missing from request.
60 Certificate generation provider error.
64 SerialNum has an incorrect length.
72 The status of the certificate has been changed by another process.
76 Conflicting field names in CertPlist.
99 General error for other RACF callable service IRRSPX00 errors.
510 (510) Base64 decode of input message failed, error=error-code
511 (511) Base64 encode of output message failed, error=0xhex-error code
512 (512) Storage allocation failed (client certificate storage:error-code)
513 (513) Error occurred, HTTP access is forbidden.
514 (514) Error occurred, HTTP method was HTTP method name instead of POST.
515 (515) Failed to create CMP response message.
516 (516) Unsupported TCP Message protocol version.
517 (517) Unsupported TCP Message message type.
518 (518) Error occurred attempting to read the HTTP input message
519 (519) Unsupported CMP message type: CMP message type specified
520 (520) Key size (envar name envar) of envar value is not a multiple of {2 | 256}.
521 (521) Key size (envar name envar) of envar value is not valid for {RSA | secure RSA | NISTECC | BPECC} keys, must be {between 512-4096 | 1024-4096 | 192, 224, 256, 384, or 521 | 160, 192, 224, 256, 320, 384, or 512}.
522 (522) Storage allocation failed element:size
523 (523) HonorClientDates (envar name envar) value of envar value is not numeric.
524 (524) HonorClientDates (envar name envar) value of envar value is not valid, expected 0 or 1.
525 (525) notBefore (envar name envar) value of envar value is not numeric.
526 (526) notAfter (envar name envar) value of envar value is not numeric.
527 (527) HonorClientCerts (envar name envar) value of envar value is not numeric.
528 (528) HonorClientCerts (envar name envar) value of envar value invalid, should be 0-5.
529 (529) HonorClientExts (envar name envar) value of envar value is not numeric.
530 (530) HonorClientExts (envar name envar) value of envar value invalid, should be 0 or 1.
531 (531) CMP Envar envar name value is not valid, expected {valid values}
533 (533) CMP Envar envar name missing in config file.
534 (534) CMP Envar envar name value of envar value is not numeric.
535 (535) CMP Envar envar1 name with value of envar1 value <= envar2 name with value of envar2 value.
536 (536) Key size (envar name envar)not specified, defaulting to default key size value.
537 (537) Key size (envar name envar) of Key size value specified is not numeric.
538 (538) KeyType (envar name envar) of KeyType value specified is not valid.
539 (539) envar name envar value length is greater than the maximum length of maximum length.
543 (543) request.extraCerts[index value].write() failed, status=error code
544 (544) gsk_decode_certificate failed, error code=0xSystem SSL error code - System SSL brief error description
545 (545) gsk_decode_base64 failed, error code=0xSystem SSL error code - System SSL brief error description
547 (547) gsk_open_keyring() failed: Error 0xSystem SSL error code - System SSL brief error description
548 (548) gsk_decode_certificate failed, error code=0xSystem SSL error code - System SSL brief error description
549 (549) gsk_get_record_by_index() failed: Error 0xSystem SSL error code - System SSL brief error description
550 (550) Specified Keyring Keyring name contains no certificates
553 (553) gsk_decode_import_certificate failed, error code=0xSystem SSL error code - System SSL brief error description
554 (554) gsk_encode_private_key, error code=0xSystem SSL error code - System SSL brief error description
555 (555) gsk_make_enveloped_data_msg_extended failed, error code=0xSystem SSL error code - System SSL brief error description
556 (556) gsk_encode_export_certificate failed, error code=0xSystem SSL error code - System SSL brief error description
557 (557) gsk_construct_private_key_rsa failed, error code=0xSystem SSL error code - System SSL brief error description
558 (558) gsk_construct_public_key[ECC] failed, error code=0xSystem SSL error code - System SSL brief error description
559 (559) gsk_modify_pkcs11_key_label failed, error code=0xSystem SSL error code - System SSL brief error description
560 (560) gsk_make_enveloped_private_key_msg error failed, error code=0xSystem SSL error code -System SSL brief error description
562 (562) Triple Des Algorithm not available, using Single Des.
563 (563) Gencert succeeded, But no Transaction ID returned.
573 (573) Could not decode CMP message.
576 (576) Missing ImplicitConfirm in PKIHeader.
577 (577) {NotBefore | NotAfter} date supplied is invalid({cannot compute seconds since epoch | date is before today}).
581 (581) Validity supplied when not configured to honor client dates.
582 (582) No CA domain found for issuer Issuer Distinguished name.
584 (584) Number of extraCerts > HonorClientCerts (envar name envar) value of envar value.
587 (587) Critical crl extension oid=Extension OID value is not supported.
588 (588) crlReason extension value is not valid; decode error error-code.
589 (589) Serial number required in certTemplate.
590 (590) {Revoke/Suspend | Resume} of serial number decimal-serial-number(0xhex-serial-number) failed for CA Domain Domain name.
600 (600) Error encountered while encoding response body(failing element[:error code])
601 (601) Error encountered while encoding response header(failing element[:error code])
602 (602) {Attributes | Extensions} supplied when not configured to honor client extensions.
603 (603) Base64 encode of CertificationRequest failed, error=error-code.
604 (604) CertReqMsg with publicKey has missing or unsupported ProofOfPossesion
606 (606) Error encountered while encoding CertReqMsg(failing element[:error code]).
607 (607) Error obtaining the current time of day(failing step:error code).
608 (608) Error retrieving information from the CMP request (failing element[:error code])
609 (609) {cr | rr} message does not contain only one {CertReqMsg | RevDetails}.
610 (610) Subject name absent from CertTemplate for a cr message
611 (611) Unsupported CMP message version (version specified not equal 2)
612 (612) Error initializing PKI Services configuration file (configuration-file-name)
613 (613) CA domain domain-name does not have CMP support enabled
614 (614) Error retrieving CMP environment variables
620 (620) Key type {[null] | specified KEYTYPE value} is not valid.
621 (621) Cannot initialize ICSF PKCS#11 interfaces (C_Initialize return code 0xhex-return-code)
622 (622) Error encountered while destroying a {Publik | Private} key object (return code 0xhex-return-code)
623 (623) Internal PKCS#11 API failure (PKCS #11 API) return code 0xhex-return-code
624 (624) {RSA | ECC} key generation failure (C_GenerateKeyPair return code 0xhex-return-code)
464453637 VSAM contention caused the request to fail. Retry the request.
464453634 VSAM contention caused the request to fail. Retry the request.
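
The error-log layout described at the top of this page, as an added example that is not part of the original documentation: a Python parser for pkicmp log lines that tallies codes, separates the RACF IRRSPX00 reason codes (06 - 99) from the CMP messages, and flags a few codes for review. The WATCH selection, the function name handleRequest and every sample line except the first are assumptions constructed for illustration.

```python
import re
from collections import Counter
from datetime import datetime

# Documented layout: date time pkicmp-> function: (error code) message text
# The page's own sample has no space after "->", so that whitespace is optional.
LINE_RE = re.compile(
    r"^(?P<ts>\w{3} \w{3} +\d{1,2} \d{2}:\d{2}:\d{2} \d{4}) "
    r"pkicmp->\s*(?P<function>\w+): \((?P<code>\d+)\) (?P<text>.*)$"
)

# Assumption: codes an operator chooses to review; explanations are from Table 1.
WATCH = {8: "request denied, not authorized",
         513: "HTTP access is forbidden",
         562: "Triple DES not available, using single DES"}

# First line is the page's sample; the rest are constructed (handleRequest is hypothetical).
SAMPLE = [
    "Wed Oct 28 09:34:12 2009 pkicmp->processNotDays: (577) NotBefore date supplied is invalid(date is before today).",
    "Wed Oct 28 09:35:02 2009 pkicmp-> handleRequest: (513) Error occurred, HTTP access is forbidden.",
    "Thu Oct  8 11:02:40 2009 pkicmp->handleRequest: (08) Request denied, not authorized.",
    "unrelated CGI output",
]

def classify(code):
    """Source of a code, following the note and the code ranges in Table 1."""
    if 6 <= code <= 99:
        return "RACF IRRSPX00 reason code"
    if 510 <= code <= 624:
        return "CMP message"
    return "other"

def parse_line(line):
    """Return a dict for one pkicmp log line, or None if it does not match."""
    m = LINE_RE.match(line.strip())
    if m is None:
        return None
    code = int(m.group("code"))  # "08" and "8" both become 8
    ts = datetime.strptime(" ".join(m.group("ts").split()), "%a %b %d %H:%M:%S %Y")
    return {"time": ts, "function": m.group("function"), "code": code,
            "source": classify(code), "text": m.group("text"), "watch": WATCH.get(code)}

def summarize(lines):
    """Count codes, collect watched records, and count unparsable lines."""
    records = [parse_line(l) for l in lines]
    parsed = [r for r in records if r is not None]
    counts = Counter(r["code"] for r in parsed)
    watched = [r for r in parsed if r["watch"]]
    return counts, watched, len(records) - len(parsed)
```

Calling `summarize(SAMPLE)` returns the per-code counts, the records whose code is in WATCH, and the number of lines that did not match the layout.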