Troubleshoot EST
To troubleshoot errors with EST-based certificate requests, check the audit log messages by selecting Reporting & auditing > Audit logs from the DigiCert® Trust Lifecycle Manager main menu. Look for log entries with a Failure
status.
Common EST errors
EST error code | Error message in audit logs | Description |
---|---|---|
| "Profile not found in allowed businessUnits: xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx" | Could not find a seat ID enrolled for the profile GUID used as part of the EST request, which is in turn bound to a business unit. |
| "Code taken from HTTP based auth password is invalid - it does not match the value configured by the Administrator" | The provided enrollment code value does not match the code bound to the requested seat ID. Make sure you provide a valid/Base64-encoded enrollment code as part of the “Authorization: Basic” HTTP header. |
| "Error parsing CSR: unable to decode base64 string: invalid characters encountered in base64 data" | Make sure the CSR value does not contain any non-Base64 encoded values. |
| "Could not find seat with identifier = xxxxxxx using subject.common_name as seat id mapping" | The CSR value mapped to your profile’s seat ID could not be found. Make sure you create and enroll the seat ID against your EST-enabled profile, either manually or in bulk by the CSV upload process. |
| "Code taken from HTTP based auth password is invalid - it does not match the value configured by the Administrator" | You provided an enrollment code for your seat ID that does not match the pre-registered value. Make sure the correct enrollment code is provided and that it is correctly encoded as Base64, and passed within the HTTP header as follows: |