Skip to main content

Identify signing errors

If you encounter errors while working with DigiCert​​®​​ Software Trust Manager client tools, follow the methods below.

Signature logs

To identify the error message for a failed event in Software Trust Manager:

  1. Sign in to DigiCert ONE.

  2. Select the Manager menu (top right) > Software Trust.

  3. Navigate to: Logs > Signature logs.

  4. In the Status column, filter by Failure.

  5. Identify and click on the date of the failed event.

  6. To identify why the action failed, refer to the Error message field.

    Sample

    You cannot access this keypair. This keypair is restricted to a team. To resolve this issue, ensure that the team is active and that you are part of the team.

Astuce

If the information provided in the signature logs are not sufficient to resolve your error, check the logs by following the instructions below.

Cryptographic library logs

When you encounter an error while signing via GPG SCD, CSP, PKSC11, KSP, or JCE, follow the procedure below:

  1. To set the log level to TRACE, run the command:

  2. Run the signing command that failed again.

  3. To identify where your logs are located, run:

    echo %USERPROFILE%/.signingmanager/logs

  4. Copy the output of the command to navigate to the logs location.

  5. Identify one of the log files based on the signing tool that was used to sign:

    Client tool

    Log name

    Apksigner

    smpkcs11.log

    Jarsigner

    Docker Notary

    OpenSSL

    GPG signing with GnuPG PKCS11 SCD

    XMLsectool

    Jsign

    osslsigncode

    Signtool (64-bit)

    smksp.log

    Mage

    Nuget

    HLK and HCK

    Signtool (32-bit)

    smcsp.log

    Jarsigner

    digicert-jce.log

    Software Trust Manager GPG SCD

    ssm-scd.log

  6. Open the log file.

  7. To identify the the most recent event, scroll to the end of the logs.

  8. The last few lines should explain why the error occurred.

  9. If you are unable to resolve the error based on the information provided, contact Support and provide the log file.

CryptoTokenKit logs

When you encounter an error while using Codesign and Productsign via the Software Trust Manager CryptoTokenKit (CTK), follow the procedure below.

To view logs related to CTK activities you could run the following commands:

  1. To fetch all logs which contain the string Digicert SSM Signing Clients:

    log stream | grep “Digicert SSM Signing Clients”

  2. To fetch all logs which contain the string TokenExtension:

    log stream | grep TokenExtension

  3. To identify the the most recent event, scroll to the end of the logs.

  4. The last few lines should explain why the error occurred.

  5. If you are unable to resolve the error based on the information provided, contact Support and provide the log file.

Dans cette section​: