Skip to main content

Troubleshoot EST

To troubleshoot errors with EST-based certificate requests, check the audit log messages by selecting Reporting & auditing > Audit logs from the DigiCert​​®​​ Trust Lifecycle Manager main menu. Look for log entries with a Failure status.

Common EST errors

EST error code

Error message in audit logs

Description

entity_not_found

"Profile not found in allowed businessUnits: xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx"

Could not find a seat ID enrolled for the profile GUID used as part of the EST request, which is in turn bound to a business unit.

authentication_error

"Code taken from HTTP based auth password is invalid - it does not match the value configured by the Administrator"

The provided enrollment code value does not match the code bound to the requested seat ID.

Make sure you provide a valid/Base64-encoded enrollment code as part of the “Authorization: Basic” HTTP header.

mandatory_attribute_unavailable

"Error parsing CSR: unable to decode base64 string: invalid characters encountered in base64 data"

Make sure the CSR value does not contain any non-Base64 encoded values.

entity_not_found

"Could not find seat with identifier = xxxxxxx using subject.common_name as seat id mapping"

The CSR value mapped to your profile’s seat ID could not be found.

Make sure you create and enroll the seat ID against your EST-enabled profile, either manually or in bulk by the CSV upload process.

authentication_error

"Code taken from HTTP based auth password is invalid - it does not match the value configured by the Administrator"

You provided an enrollment code for your seat ID that does not match the pre-registered value.

Make sure the correct enrollment code is provided and that it is correctly encoded as Base64, and passed within the HTTP header as follows:

Authorization: Basic <your-b64-code>