Skip to main content

Common errors and solutions

Failed to sign errors generally have a status_code=403. Below are some errors that commonly occur when signing fails.

No access to keypair

Error message

User - <user ID> does not have rights to access the keypair - <keypair ID>

Problem

You are unable to sign because you have selected to sign with a keypair that does exist in the account but is not assigned to you or your team.

Solution

Select a different keypair that you do have access to.

Incorrect keypair alias provided

Error message in SMCTL

error when downloading default certificate No keypair found for the given keypair alias

Error message in logs

error when downloading default certificate 
No keypair found for the given keypair alias

Problem

Signing failed because the keypair alias you provided in the command is incorrect or the keypair alias case does not match.

注記

Keypair aliases are case sensitive.

Solution

Run the following command to confirm the exact name of the keypair alias you should provide in the signing command:

smctl keypair list

User is not multi-factor authenticated when generating cert or signing even though the user has multi-factor auth enabled

Error message

status_code=403, message={"error":{"status":"access_denied","message":"User is not multi-factor authenticated. As per compliance rules, user needs to be authenticated using multi-factor for performing generate operation."}}, nested_error=<nil>

Description

This error occurs when the SM_HOST environment variable is set to the DigiCert ONE Portal without client authentication. An API key and client authentication certificate is required for multi-factor authentication.

Solution

Check the SM_HOST variables and make sure it is “clientauth.one.digicert.com” or “clientauth.xyxyxyxyxy” for self-hosted instance where xyxyxyxyxy is the domain name of the instance.

Invalid JWT/S token error when performing operations

エラーメッセージの例:

failed to list keypairs: status_code=401, message={ "error" : { "status" : "wrong_token", "message" : "Invalid JWT/S token." } }, nested_error=<nil>

APIトークンが正しく提供されていない場合に発生します。

This error occurs when the API token is not provided correctly.

ソリューション:クライアントツールで使用しているログインに、SM_API_KEY 環境変数が正しく設定されていることを確認してください。

Make sure the SM_API_KEY environment variable is set properly for the login being used with the client tools.

Certificate profile is invalid

Error message

status_code=400, message={"error":{"status":"invalid_input_field","message":"Certificate profile is invalid."}}, nested_error=<nil>

Description

This error occurs when a production certificate profile is used while generating a test keypair instead of a test profile and vice versa.

Solution

Make sure that the profile category matches the keypair category whether it is Production or Test.

Failed to fetch data from server

Error message

failed to fetch data from server: Get "https://clientauth.stabe.one.digicert.com.....": dial tcp: lookup clientauth.stabe.one.digicert.com: no such host

Problem

While performing an action, you may receive the following error because your host is listed incorrectly in your environment variables.

Solution

  1. Run:

    smctl healthcheck
  2. Compare the host listed in the healthcheck command output to this list of hosts.

  3. Update you host URL in your environment variables