Skip to main content

Common errors and solutions

Failed to sign errors generally have a status_code=403. Below are some errors that commonly occur when signing fails.

No access to keypair

Error message

User - <user ID> does not have rights to access the keypair - <keypair ID>

Problem

You are unable to sign because you have selected to sign with a keypair that does exist in the account but is not assigned to you or your team.

Solution

Select a different keypair that you do have access to or ask your account lead or team lead to add you as a user of the keypair.

Incorrect keypair alias provided

Error message in SMCTL

error when downloading default certificate No keypair found for the given keypair alias

Error message in logs

error when downloading default certificate 
No keypair found for the given keypair alias

Problem

Signing failed because the keypair alias you provided in the command is incorrect or the keypair alias case does not match.

Note

Keypair aliases are case sensitive.

Solution

Run the following command to confirm the exact name of the keypair alias you should provide in the signing command:

smctl keypair list

Keypair is offline

Error message

Provided keypair is in OFFLINE state and cannot be used for signing. Please provide keypair in active state to be used for signing.

Problem

You have selected to sign with an offline keypair. Offline keypairs can only be used to sign during a release.

Solution

Select an online keypair or switch the offline keypair to online.

User is not multi-factor authenticated when generating cert or signing even though the user has multi-factor auth enabled

Error message

status_code=403, message={"error":{"status":"access_denied","message":"User is not multi-factor authenticated. As per compliance rules, user needs to be authenticated using multi-factor for performing generate operation."}}, nested_error=<nil>

Description

This error occurs when the SM_HOST environment variable is set to the DigiCert ONE Portal without client authentication. An API key and client authentication certificate is required for multi-factor authentication.

Solution

Check the SM_HOST variables and make sure it is “clientauth.one.digicert.com” or “clientauth.xyxyxyxyxy” for self-hosted instance where xyxyxyxyxy is the domain name of the instance.

Invalid JWT/S token error when performing operations

Error message

failed to list keypairs: status_code=401, message={ "error" : { "status" : "wrong_token", "message" : "Invalid JWT/S token." } }, nested_error=<nil>

Description

This error occurs when the API token is not provided correctly.

Solution

Make sure the SM_API_KEY environment variable is set properly for the login being used with the client tools.

Certificate profile is invalid

Error message

status_code=400, message={"error":{"status":"invalid_input_field","message":"Certificate profile is invalid."}}, nested_error=<nil>

Description

This error occurs when a production certificate profile is used while generating a test keypair instead of a test profile and vice versa.

Solution

Make sure that the profile category matches the keypair category whether it is Production or Test.

Failed to fetch data from server

Error message

failed to fetch data from server: Get "https://clientauth.stabe.one.digicert.com.....": dial tcp: lookup clientauth.stabe.one.digicert.com: no such host

Problem

While performing an action, you may receive the following error because your host is listed incorrectly in your environment variables.

Solution

  1. Run:

    smctl healthcheck
  2. Compare the host listed in the healthcheck command output to this list of hosts.

  3. Update you host URL in your environment variables