Threat detection errors and solutions
The following errors may occur for threat detection commands.
Failed to create directory
Error messages
Fatal error: Failed to create directory: C:\Program Files\DigiCert\DigiCert One Signing Manager Tools\rl.rl-secure-work: permission denied rl-deploy: failed to install: C:\Program Files\DigiCert\DigiCert One Signing Manager Tools\rl-deploy.exe failed with exit status 1
Problem
While attempting to install rl-deploy, you may receive the following error because it requires administrator privileges in this directory: C:\Program Files\DigiCert\DigiCert One Signing Manager Tools\
.
Solution
If you have administrator privileges, run this command in Administrator command prompt:
smctl scan rl-install "C:\Program Files\DigiCert\DigiCert One Signing Manager Tools\rl"
If you do not want to give rl-deploy administrator privileges, follow one of the following instructions based on your operating system:
502 error | Failed to install
Error messages
Fatal error: GET failed... status code: 502, message:rl-deploy: failed to install: C:\Program Files\DigiCert\DigiCert One Signing Manager Tools\rl-deploy.exe failed with exit status 1
Problem
While attempting to install rl-deploy, you may receive the following error because you may have firewall or proxy in place that block calls to ReversingLabs' cloud (data.reversinglabs.com and api.reversinglabs.com) to install rl-deploy.
Solution
Add data.reversinglabs.com and api.reversinglabs.com to your approved list to prevent your firewall or proxy from blocking calls to ReversingLabs' cloud. Once completed reattempt the install command as shown below.
If you have administrator privileges, run this command in Administrator command prompt:
smctl scan rl-install "C:\Program Files\DigiCert\DigiCert One Signing Manager Tools\rl"
If you do not want to give rl-deploy administrator privileges, follow one of the following instructions based on your operating system:
Installation path already exists
Error message
Fatal error: Installation path 'C:\Program Files\DigiCert\DigiCert One Signing Manager Tools' already exists. Please install to a new location.
Problem
While attempting to install rl-deploy, you may receive the following error because it requires administrator privileges in this directory.
Solution
Install rl-deploy in another location:
Requires exactly 1 argument
Error message
"smctl scan rl-install" requires exactly 1 argument.
Problem
While attempting to install rl-deploy, you may receive the following error because SMCTL cannot detect the file path.
Solution
Ensure that your file path is in double quotes, see example below:
smctl scan rl-install "C:\rl"
Failed to fetch data from server
Error message
failed to fetch data from server: Get "https://clientauth.stabe.one.digicert.com/signingmanager/api/v1/connectors/integration/REVERSING_LABS": dial tcp: lookup clientauth.stabe.one.digicert.com: no such host
Problem
While performing an action, you may receive the following error because your host is listed incorrectly in your environment variables.
Solution
Run:
smctl healthcheck
Compare the host listed in the healthcheck command output to this list of hosts.
Update you host URL in your environment variables
401 error | Invalid JWT/S token
Error message
failed to create software project: status_code=401, message={ "error" : { "status" : "wrong_token", "message" : "Invalid JWT/S token." } }, nested_error=<nil>
Problem
The host you have provided in your environment variables exists but it not the correct host for the API key and client authentication certificate that you provided.
Solution
Sign into your DigiCert ONE account.
Identify if the account that contains the API key and client authentication certificate that you provided is stage or production, and what region.
Run:
smctl healthcheck
Compare the host listed in the healthcheck command output to this list of hosts.
Update you host URL in your environment variables
403 error | Failed to setup license
Error message
failed to setup license: failed to fetch rl license key from server: status_code=403, message={"error":{"status":"access_denied","message":"User is not multi-factor authenticated. Missing Client Authentication Certificate. As per compliance rules, user needs to be authenticated using multi-factor for performing getIntegrationInfo operation."}}, nested_error=<nil>
Problem
The host you have provided in your environment variables exists for 1FA only.
Solution
Run:
smctl healthcheck
Compare the host listed in the healthcheck command output to this list of hosts.
Update you host URL in your environment variables
403 error | User is not multi-factor authenticated. Missing Client Authentication Certificate
Error message
status_code=403, message={"error":{"status":"access_denied","message":"User is not multi-factor authenticated. Missing Client Authentication Certificate. As per compliance rules, user needs to be authenticated using multi-factor for performing generate operation."}}, nested_error=<nil>
Problem
When attempting to run a threat detection scan, you may receive this error because Two factor authentication is required to perform this action. This error means that your API key (first factor of authentication) and host URL are correct, however SMCTL was unable to authenticate your client certificate (second factor of authentication). Implying that the path to your client authentication certificate path or password is incorrect.
status_code=403, message={"error":{"status":"access_denied","message":"User is not multi-factor authenticated. Missing Client Authentication Certificate. As per compliance rules, user needs to be authenticated using multi-factor for performing <action> operation."}}, nested_error=<nil>
Solution
Ensure that the client authentication certificate path and password is correct. One of the follow methods may be useful:
Navigate to the client authentication certificate path listed in the healthcheck command output and confirm if the file name provided and path matches.
Compare the your client authentication certificate password listed in the healthcheck command output to your password to confirm that it is correct.
Nota
If you have lost or forgotten your password, create a new client authentication certificate and securely store your password.
Fatal error: unrecognized option
Error message
Fatal error: unrecognized option '--show-all' rl-secure: failed to extract status of scan command: rl-data_newCode_oldSmctl\rl-secure.exe failed with exit status 1
Problem
You are using an outdated version of rl-deploy, ReversingLabs' scanning tool.
Solution
Download version 1.46.0
or higher of Software Trust Manager's client tools, see instructions below:
Sign in to DigiCert ONE.
Navigate to DigiCert® Software Trust Manager > Resources > Client tool repository.
Select Windows or Linux as your operating system.
Click the download icon next to Windows clients installer or Linux clients.