Common errors and solutions
Failed to sign errors generally have a status_code=403. Below are some errors that commonly occur when signing fails.
No access to keypair
Error message
User - <user ID> does not have rights to access the keypair - <keypair ID>
Problem
You are unable to sign because you have selected to sign with a keypair that does exist in the account but is not assigned to you or your team.
Solution
Select a different keypair that you do have access to or ask your account lead or team lead to add you as a user of the keypair.
Incorrect keypair alias provided
Error message in SMCTL
error when downloading default certificate No keypair found for the given keypair alias
Error message in logs
error when downloading default certificate No keypair found for the given keypair alias
Problem
Signing failed because the keypair alias you provided in the command is incorrect or the keypair alias case does not match.
Note
Keypair aliases are case sensitive.
Solution
Run the following command to confirm the exact name of the keypair alias you should provide in the signing command:
smctl keypair list
Keypair is offline
Error message
Provided keypair is in OFFLINE state and cannot be used for signing. Please provide keypair in active state to be used for signing.
Problem
You have selected to sign with an offline keypair. Offline keypairs can only be used to sign during a release.
Solution
Select an online keypair or switch the offline keypair to online.
User is not multi-factor authenticated when generating cert or signing even though the user has multi-factor auth enabled
Error message
status_code=403, message={"error":{"status":"access_denied","message":"User is not multi-factor authenticated. As per compliance rules, user needs to be authenticated using multi-factor for performing generate operation."}}, nested_error=<nil>
Description
This error occurs when the SM_HOST environment variable is set to the DigiCert ONE Portal without client authentication. An API key and a client authentication certificate are required for multi-factor authentication.
Solution
Check the SM_HOST variable and make sure it is “clientauth.one.digicert.com”, or “clientauth.xyxyxyxyxy” for a self-hosted instance, where xyxyxyxyxy is the domain name of the instance.
Invalid JWT/S token error when performing operations
Error message
failed to list keypairs: status_code=401, message={ "error" : { "status" : "wrong_token", "message" : "Invalid JWT/S token." } }, nested_error=<nil>
Description
This error occurs when the API token is not provided correctly.
Solution
Make sure the SM_API_KEY environment variable is set properly for the login being used with the client tools.
Certificate profile is invalid
Error message
status_code=400, message={"error":{"status":"invalid_input_field","message":"Certificate profile is invalid."}}, nested_error=<nil>
Description
This error occurs when a production certificate profile is used instead of a test profile while generating a test keypair, or vice versa.
Solution
Make sure that the profile category matches the keypair category, whether it is Production or Test.
Failed to fetch data from server
Error message
failed to fetch data from server: Get "https://clientauth.stabe.one.digicert.com.....": dial tcp: lookup clientauth.stabe.one.digicert.com: no such host
Problem
While performing an action, you may receive this error because your host is listed incorrectly in your environment variables.
Solution
Run:
smctl healthcheck
Compare the host listed in the healthcheck command output to this list of hosts.
Update your host URL in your environment variables.
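
An added example, not part of DigiCert's documentation or tooling: a Python helper that takes one error line in the formats shown on this page and returns the matching remedy. The function name triage and the rule tables are assumptions made for illustration; the advice strings paraphrase the solutions above.

```python
import json
import re

# Envelope seen in the errors above:
#   status_code=<n>, message=<JSON>, nested_error=<...>
API_ERROR = re.compile(r"status_code=(\d+), message=(\{.*\}), nested_error=")

# Remedies keyed by the API "status" field, for statuses with a single cause on this page.
BY_STATUS = {
    "wrong_token": "Check that SM_API_KEY is set properly for the login in use.",
    "invalid_input_field": "Match the profile category (Production or Test) to the keypair category.",
}

# Remedies matched on message text. access_denied is too broad to key on, and
# several errors on this page are shown as bare text without the envelope.
BY_MESSAGE = [
    ("not multi-factor authenticated",
     "Set SM_HOST to the clientauth host (clientauth.one.digicert.com or the self-hosted equivalent)."),
    ("does not have rights to access the keypair",
     "Select a keypair you can access, or ask a lead to add you as a user of it."),
    ("No keypair found for the given keypair alias",
     "Run 'smctl keypair list' and copy the alias exactly; aliases are case sensitive."),
    ("is in OFFLINE state",
     "Select an online keypair or switch the offline keypair to online."),
    ("no such host",
     "Run 'smctl healthcheck' and correct the host in your environment variables."),
]


def triage(line):
    """Return (status_code or None, api_status or None, advice) for one error line."""
    code = status = None
    text = line
    m = API_ERROR.search(line)
    if m:
        code = int(m.group(1))
        try:
            err = json.loads(m.group(2)).get("error", {})
            status, text = err.get("status"), err.get("message", line)
        except json.JSONDecodeError:
            pass  # truncated log line: fall back to matching on the raw text
    if status in BY_STATUS:
        return code, status, BY_STATUS[status]
    for needle, advice in BY_MESSAGE:
        if needle in text:
            return code, status, advice
    return code, status, "Unrecognized error; keep the full line for support."
```

Feed it lines from SMCTL output or the client tool logs; the status code is returned alongside the advice so that 401 and 403 failures can be counted separately.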