CMP Error Messages
The following lists CMP error codes. For more general information about the Certificate Management Protocol (CMP) and how it works with EJBCA, see CMP.
CMP Error Messages and Codes
If issues occur during CMP processing, different CMP error messages or HTTP error codes are returned depending on issue type and when it is encountered.
|
Error Description |
Error Type |
Error Code |
|
The received request did not contain a DER object. |
HTTP |
400 Bad Request |
|
The DER object contained in request could not be parsed to a CMP message. |
Unsigned CMP |
BAD_REQUEST (2) |
|
Signature verification on a nested message failed. |
Unsigned CMP |
BAD_REQUEST (2) |
|
Received CMP message was of an unknown type |
Unsigned CMP |
BAD_REQUEST (2) |
|
Submitting a request with a URL that does not match an existing CMP alias |
HTTP |
404 Not Found |
|
Submitting a CMP RA message with a signing certificate which was revoked or expired. |
Unsigned CMP |
BAD_REQUEST (2) |
|
Submitting a CMP RA message that could not be authenticated. |
Unsigned CMP |
BAD_MESSAGE_CHECK (1) |
|
Trying to revoke a certificate that was already revoked |
Signed CMP |
CERT_REVOKED (10) |
|
Trying to revoke a certificate whose revocation is is waiting for approval |
Unsigned CMP |
BAD_REQUEST (2) |
|
Trying to revoke a certificate from a nonexistent CA. |
Unsigned CMP |
BAD_REQUEST (2) |
|
Trying to revoke a non existing certificate |
Signed CMP |
BAD_CERTIFICATE_ID (4) |
|
Trying to revoke a certificate, but serial number or issuer were missing from request. |
Signed CMP |
BAD_CERTIFICATE_ID (4) |
|
Revocation reason could not be parsed from CMP message |
Unsigned CMP |
INCORRECT_DATA (7) |
|
Trying to issue or request a certificate from a non existing CA |
Unsigned CMP |
WRONG_AUTHORITY (6) |
|
Submitting a CMP request with bad POP |
Unsigned CMP |
BAD_POP (9) |
|
Submitting a CMP client mode enrollment request with invalid certificate extensions specified. |
Unsigned CMP |
BAD_REQUEST (2) |
|
Submitting a CMP client mode enrollment request with invalid enrollment code. |
Unsigned CMP |
NOT_AUTHORIZED (23) |
|
Attempting a key update request without the end entity authentication module configured. |
Unsigned CMP |
BAD_REQUEST (2) |
|
A key update request without could not be authenticated/verified. |
Unsigned CMP |
BAD_REQUEST (2) |
|
A key update request was submitted without a subject DN |
Unsigned CMP |
BAD_REQUEST (2) |
|
A key update request for an end entity which wasn't found in the database. |
Unsigned CMP |
BAD_MESSAGE_CHECK (1) |
|
A key update request was submitted using the same key pair. |
Unsigned CMP |
BAD_MESSAGE_CHECK (1) |
|
Any other failures that may have occurred during key renewal. |
Unsigned CMP |
BAD_MESSAGE_CHECK (1) |
|
Submitting a CMP client mode enrollment request with wrong user/enrollment code |
Unsigned CMP |
NOT_AUTHORIZED (23) |
|
A request for server generated keys when this is not enabled in CMP alias |
Unsigned CMP |
BAD_REQUEST (2) |
|
A request for server generated keys when the certificate profile does not exist |
Unsigned CMP |
BAD_REQUEST (2) |
|
A request for server generated keys when the key algorithm, key size (RSA) or curve (ECDSA) is not allowed |
Unsigned CMP |
BAD_REQUEST (2) |
|
A request for server generated keys with invalid or unsupported key parameters |
Unsigned CMP |
BAD_REQUEST (2) |
|
Other internal errors |
Unsigned CMP |
Various |
Related Content
Page:CMP Proxy
Page:CMP Interoperability
Page:CMP
Page:Using CMP with 3GPP