Messages and codes returned from the CMP functions
Most messages are returned to the caller as a CMP error response.
In addition, all messages are echoed to the CGI program error log
in the format:
date time pkicmp-> function: (error code) message text
For
example:Wed Oct 28 09:34:12 2009 pkicmp->processNotDays: (577) NotBefore date supplied is invalid(date is before today).
Error code | Explanation |
---|---|
Note: Error codes 06 - 99 are the reason codes
from the RACF® IRRSPX00 callable
service.
|
|
06 | Request queue serialization timeout occurred. |
08 | Request denied, not authorized. |
12 | An internal error has occurred during RACF processing. |
20 | Function code specified is not defined. |
28 | Certificate generation provider not available for specified CA domain |
32 | Incorrect value specified for CA domain. |
40 | Incorrect Reason Specified. |
52 | Parameter has an incorrect value. |
56 | Required field is missing from request. |
60 | Certificate generation provider error. |
64 | SerialNum has an incorrect length. |
72 | The status of the certificate has been changed by another process. |
76 | Conflicting fields names in CertPlist. |
99 | General error for other RACF callable service IRRSPX00 errors. |
510 | (510) Base64 decode of input message failed, error=error-code |
511 | (511) Base64 encode of output message failed, error=0xhex-error code |
512 | (512) Storage allocation failed (client certificate storage:error-code) |
513 | (513) Error occurred, HTTP access is forbidden. |
514 | (514) Error occurred, HTTP method was HTTP method name instead of POST. |
515 | (515) Failed to create CMP response message. |
516 | (516) Unsupported TCP Message protocol version. |
517 | (517) Unsupported TCP Message message type. |
518 | (518) Error occurred attempting to read the HTTP input message |
519 | (519) Unsupported CMP message type: CMP message type specified |
520 | (520) Key size (envar name envar) of envar value is not a multiple of {2 | 256}. |
521 | (521) Key size (envar name envar) of envar value is not valid for {RSA | secure RSA | NISTECC | BPECC} keys, must be {between 512-4096 | 1024-4096 | 192, 224, 256, 384, or 521 | 160, 192, 224, 256, 320, 384, or 512}. |
522 | (522) Storage allocation failed element:size |
523 | (523) HonorClientDates (envar name envar) value of envar value is not numeric. |
524 | (524) HonorClientDates (envar name envar) value of envar value is not valid, expected 0 or 1. |
525 | (525) notBefore (envar name envar) value of envar value is not numeric. |
526 | (526) notAfter (envar name envar) value of envar value is not numeric. |
527 | (527) HonorClientCerts (envar name envar) value of envar value is not numeric. |
528 | (528) HonorClientCerts (envar name envar) value of envar value invalid, should be 0-5. |
529 | (529) HonorClientExts (envar name envar) value of envar value is not numeric. |
530 | (530) HonorClientExts (envar name envar) value of envar value invalid, should be 0 or 1. |
531 | (531) CMP Envar envar name value is not valid, expected {valid values} |
533 | (533) CMP Envar envar name missing in config file. |
534 | (534) CMP Envar envar name value of envar value is not numeric. |
535 | (535) CMP Envar envar1 name with value of envar1 value <= envar2 name with value of envar2 value. |
536 | (536) Key size (envar name envar)not specified, defaulting to default key size value. |
537 | (537) Key size (envar name envar) of Key size value specified is not numeric. |
538 | (538) KeyType (envar name envar) of KeyType value specified is not valid. |
539 | (539) envar name envar value length is greater than the maximum length of maximum length. |
543 | (543) request.extraCerts[index value].write() failed, status=error code |
544 | (544) gsk_decode_certificate failed, error code=0xSystem SSL error code - System SSL brief error description |
545 | (545) gsk_decode_base64 failed, error code=0xSystem SSL error code - System SSL brief error description |
547 | (547) gsk_open_keyring() failed: Error 0xSystem SSL error code - System SSL brief error description |
548 | (548) gsk_decode_certificate failed, error code=0xSystem SSL error code - System SSL brief error description |
549 | (549) gsk_get_record_by_index() failed: Error 0xSystem SSL error code - System SSL brief error description |
550 | (550) Specified Keyring Keyring name contains no certificates |
553 | (553) gsk_decode_import_certificate failed, error code=0xSystem SSL error code - System SSL brief error description |
554 | (554) gsk_encode_private_key, error code=0xSystem SSL error code - System SSL brief error description |
555 | (555) gsk_make_enveloped_data_msg_extended failed, error code=0xSystem SSL error code - System SSL brief error description |
556 | (556) gsk_encode_export_certificate failed, error code=0xSystem SSL error code - System SSL brief error description |
557 | (557) gsk_construct_private_key_rsa failed, error code=0xSystem SSL error code - System SSL brief error description |
558 | (558) gsk_construct_public_key[ECC] failed, error code=0xSystem SSL error code - System SSL brief error description |
559 | (559) gsk_modify_pkcs11_key_label failed, error code=0xSystem SSL error code - System SSL brief error description |
560 | (560) gsk_make_enveloped_private_key_msg error failed, error code=0xSystem SSL error code -System SSL brief error description |
562 | (562) Triple Des Algorithm not available, using Single Des. |
563 | (563) Gencert succeeded, But no Transaction ID returned. |
573 | (573) Could not decode CMP message. |
576 | (576) Missing ImplicitConfirm in PKIHeader. |
577 | (577) {NotBefore | NotAfter} date supplied is invalid({cannot compute seconds since epoch | date is before today}). |
581 | (581) Validity supplied when not configured to honor client dates. |
582 | (582) No CA domain found for issuer Issuer Distinguished name. |
584 | (584) Number of extraCerts > HonorClientCerts (envar name envar) value of envar value. |
587 | (587) Critical crl extension oid=Extension OID value is not supported. |
588 | (588) crlReason extension value is not valid; decode error error-code. |
589 | (589) Serial number required in certTemplate. |
590 | (590) {Revoke/Suspend | Resume} of serial number decimal-serial-number(0xhex-serial-number) failed for CA Domain Domain name. |
600 | (600) Error encountered while encoding response body(failing element[:error code]) |
601 | (601) Error encountered while encoding response header(failing element[:error code]) |
602 | (602) {Attributes | Extensions} supplied when not configured to honor client extensions. |
603 | (603) Base64 encode of CertificationRequest failed, error=error-code. |
604 | (604) CertReqMsg with publicKey has missing or unsupported ProofOfPossesion |
606 | (606) Error encountered while encoding CertReqMsg(failing element[:error code]). |
607 | (607) Error obtaining the current time of day(failing step:error code). |
608 | (608) Error retrieving information from the CMP request (failing element[:error code]) |
609 | (609) {cr | rr} message does not contain only one {CertReqMsg | RevDetails}. |
610 | (610) Subject name absent from CertTemplate for a cr message |
611 | (611) Unsupported CMP message version (version specified not equal 2) |
612 | (612) Error initializing PKI Services configuration file (configuration-file-name) |
613 | (613) CA domain domain-name does not have CMP support enabled |
614 | (614) Error retrieving CMP environment variables |
620 | (620) Key type {[null] | specified KEYTYPE value} is not valid. |
621 | (621) Cannot initialize ICSF PKCS#11 interfaces (C_Initialize return code 0xhex-return-code) |
622 | (622) Error encountered while destroying a {Publik | Private} key object (return code 0xhex-return-code) |
623 | (623) Internal PKCS#11 API failure (PKCS #11 API) return code 0xhex-return-code |
624 | (624) {RSA | ECC} key generation failure (C_GenerateKeyPair return code 0xhex-return-code) |
464453637 | VSAM contention caused the request to fail. Retry the request. |
464453634 | VSAM contention caused the request to fail. Retry the request. |