Skip to main content

Threat detection errors and solutions

The following errors may occur for threat detection commands.

Failed to create directory

Error messages

Fatal error: Failed to create directory: C:\Program Files\DigiCert\DigiCert One Signing Manager Tools\rl.rl-secure-work: permission denied
rl-deploy: failed to install: C:\Program Files\DigiCert\DigiCert One Signing Manager Tools\rl-deploy.exe failed with exit status 1

Problem

While attempting to install rl-deploy, you may receive the following error because it requires administrator privileges in this directory: C:\Program Files\DigiCert\DigiCert One Signing Manager Tools\.

Solution

If you have administrator privileges, run this command in Administrator command prompt:

smctl scan rl-install "C:\Program Files\DigiCert\DigiCert One Signing Manager Tools\rl"

If you do not want to give rl-deploy administrator privileges, follow one of the following instructions based on your operating system:

502 error | Failed to install

Error messages

Fatal error: GET failed... status code: 502, message:rl-deploy: failed to install: C:\Program Files\DigiCert\DigiCert One Signing Manager Tools\rl-deploy.exe failed with exit status 1

Problem

While attempting to install rl-deploy, you may receive the following error because you may have firewall or proxy in place that block calls to ReversingLabs' cloud (data.reversinglabs.com and api.reversinglabs.com) to install rl-deploy.

Solution

Add data.reversinglabs.com and api.reversinglabs.com to your approved list to prevent your firewall or proxy from blocking calls to ReversingLabs' cloud. Once completed reattempt the install command as shown below.

If you have administrator privileges, run this command in Administrator command prompt:

smctl scan rl-install "C:\Program Files\DigiCert\DigiCert One Signing Manager Tools\rl"

If you do not want to give rl-deploy administrator privileges, follow one of the following instructions based on your operating system:

Installation path already exists

Error message

Fatal error: Installation path 'C:\Program Files\DigiCert\DigiCert One Signing Manager Tools' already exists. Please install to a new location.

Problem

While attempting to install rl-deploy, you may receive the following error because it requires administrator privileges in this directory.

Solution

Install rl-deploy in another location:

Requires exactly 1 argument

Error message

"smctl scan rl-install" requires exactly 1 argument.

Problem

While attempting to install rl-deploy, you may receive the following error because SMCTL cannot detect the file path.

Solution

Ensure that your file path is in double quotes, see example below:

smctl scan rl-install "C:\rl"

Failed to fetch data from server

Error message

failed to fetch data from server: Get "https://clientauth.stabe.one.digicert.com/signingmanager/api/v1/connectors/integration/REVERSING_LABS": dial tcp: lookup clientauth.stabe.one.digicert.com: no such host

Problem

While performing an action, you may receive the following error because your host is listed incorrectly in your environment variables.

Solution

  1. Run:

    smctl healthcheck
  2. Compare the host listed in the healthcheck command output to this list of hosts.

  3. Update you host URL in your environment variables

401 error | Invalid JWT/S token

Error message

failed to create software project: status_code=401, message={
  "error" : {
    "status" : "wrong_token",
    "message" : "Invalid JWT/S token."
  }
}, nested_error=<nil>

Problem

The host you have provided in your environment variables exists but it not the correct host for the API key and client authentication certificate that you provided.

Solution

  1. Sign into your DigiCert ONE account.

  2. Identify if the account that contains the API key and client authentication certificate that you provided is stage or production, and what region.

  3. Run:

    smctl healthcheck
  4. Compare the host listed in the healthcheck command output to this list of hosts.

  5. Update you host URL in your environment variables

403 error | Failed to setup license

Error message

failed to setup license: failed to fetch rl license key from server: status_code=403, message={"error":{"status":"access_denied","message":"User is not multi-factor authenticated. Missing Client Authentication Certificate. As per compliance rules, user needs to be authenticated using multi-factor for performing getIntegrationInfo operation."}}, nested_error=<nil>

Problem

The host you have provided in your environment variables exists for 1FA only.

Solution

  1. Run:

    smctl healthcheck
  2. Compare the host listed in the healthcheck command output to this list of hosts.

  3. Update you host URL in your environment variables

403 error | User is not multi-factor authenticated. Missing Client Authentication Certificate

Error message

status_code=403, message={"error":{"status":"access_denied","message":"User is not multi-factor authenticated. Missing Client Authentication Certificate. As per compliance rules, user needs to be authenticated using multi-factor for performing generate operation."}}, nested_error=<nil>

Problem

When attempting to run a threat detection scan, you may receive this error because Two factor authentication is required to perform this action. This error means that your API key (first factor of authentication) and host URL are correct, however SMCTL was unable to authenticate your client certificate (second factor of authentication). Implying that the path to your client authentication certificate path or password is incorrect.

status_code=403, message={"error":{"status":"access_denied","message":"User is not multi-factor authenticated. Missing Client Authentication Certificate. As per compliance rules, user needs to be authenticated using multi-factor for performing <action> operation."}}, nested_error=<nil>

Solution

Ensure that the client authentication certificate path and password is correct. One of the follow methods may be useful:

  • Navigate to the client authentication certificate path listed in the healthcheck command output and confirm if the file name provided and path matches.

  • Compare the your client authentication certificate password listed in the healthcheck command output to your password to confirm that it is correct.

    注意

    If you have lost or forgotten your password, create a new client authentication certificate and securely store your password.

Fatal error: unrecognized option

Error message

Fatal error: unrecognized option '--show-all'
rl-secure: failed to extract status of scan command: rl-data_newCode_oldSmctl\rl-secure.exe failed with exit status 1

Problem

You are using an outdated version of rl-deploy, ReversingLabs' scanning tool.

Solution

Download version 1.46.0 or higher of Software Trust Manager's client tools, see instructions below:

  1. Sign in to DigiCert ONE.

  2. Navigate to DigiCert​​®​​ Software Trust Manager > Resources > Client tool repository.

  3. Select Windows or Linux as your operating system.

  4. Click the download icon next to Windows clients installer or Linux clients.