Table of Contents
Advertisement
Appendix I Log Descriptions
Table 163 PKI Logs (continued)
LOG MESSAGE
Enrollment failed
Failed to resolve <CMP
CA server url>
Rcvd ca cert: <subject
name>
Rcvd user cert:
<subject name>
Rcvd CRL <size>:
<issuer name>
Rcvd ARL <size>:
<issuer name>
Failed to decode the
received ca cert
Failed to decode the
received user cert
Failed to decode the
received CRL
Failed to decode the
received ARL
Rcvd data <size> too
large! Max size
allowed: <max size>
Cert trusted: <subject
name>
Due to <reason codes>,
cert not trusted:
<subject name>
Table 164 Certificate Path Verification Failure Reason Codes
CODE
1
2
3
4
5
6
420
DESCRIPTION
The CMP online certificate enrollment failed. The Destination field
records the certification authority server's IP address and port.
The CMP online certificate enrollment failed because the certification
authority server's IP address cannot be resolved.
The router received a certification authority certificate, with subject
name as recorded, from the LDAP server whose IP address and port
are recorded in the Source field.
The router received a user certificate, with subject name as recorded,
from the LDAP server whose IP address and port are recorded in the
Source field.
The router received a CRL (Certificate Revocation List), with size and
issuer name as recorded, from the LDAP server whose IP address and
port are recorded in the Source field.
The router received an ARL (Authority Revocation List), with size and
issuer name as recorded, from the LDAP server whose address and
port are recorded in the Source field.
The router received a corrupted certification authority certificate from
the LDAP server whose address and port are recorded in the Source
field.
The router received a corrupted user certificate from the LDAP server
whose address and port are recorded in the Source field.
The router received a corrupted CRL (Certificate Revocation List) from
the LDAP server whose address and port are recorded in the Source
field.
The router received a corrupted ARL (Authority Revocation List) from
the LDAP server whose address and port are recorded in the Source
field.
The router received directory data that was too large (the size is listed)
from the LDAP server whose address and port are recorded in the
Source field. The maximum size of directory data that the router allows
is also recorded.
The router has verified the path of the certificate with the listed subject
name.
Due to the reasons listed, the certificate with the listed subject name
has not passed the path verification. The recorded reason codes are
only approximate reasons for not trusting the certificate. Please see
Table 164 on page 420
codes.
DESCRIPTION
Algorithm mismatch between the certificate and the search constraints.
Key usage mismatch between the certificate and the search constraints.
Certificate was not valid in the time interval.
(Not used)
Certificate is not valid.
Certificate signature was not verified correctly.
for the corresponding descriptions of the
P-793H User's Guide
Advertisement
Table of Contents
Troubleshooting
