This topic lists errors for the sslcfg command.
See Common errors for a list of error messages that apply to all commands. See sslcfg command for information about command syntax and examples of command use.
| Error message | Definition |
|---|---|
| -cabu can only be used with -upld and -u | A user tries to import an externally signed LDAP client certificate and CA bundle without specifying the -upld and -u options. |
| -cabu is required when importing a certificate | A user tries to import an externally signed LDAP client certificate and CA bundle without using the -cabu option to specify a URL. |
| -crlx import/download cannot be used with -dnld, -upld, or -tcx import/download | A user tries to import or download a certificate revocation list when specifying -dnld, -upld, or -tcx import/download at the same time. |
| -csa can only be used with -gen ca or -gen ldapsrv | A user tries to issue the -csa option without the -gen option or without providing the ca or ldapsrv argument for the -gen option. |
| -csa must be specified when the mode is comp | A user tries to generate a CA certificate, failing to specify the certificate signing algorithm while the cryptographic mode is set to comp (compatibility with all NIST cipher suites). |
| -dnld cannot be used with -upld, -tcx import/download, or -crlx import/download | A user tries to download an externally signed server certificate and CA bundle when specifying -upld, -tcx import/download, or -crlx import/download at the same time. |
| -dnld or -upld must be with -u specified | A user tries to issue a download certificate signing request or an import certificate command without the -u option. |
| -f can only be used with -dnld cert/csr | A user tries to specify the format of a certificate or certificate signing request without specifying a download. |
| -remove can only be used with -t client | A user tries to issue the -remove option without the -t option or without providing the client argument for the -t option. |
| -tcx import/download cannot be used with -dnld, -upld, or -crlx import/download | A user tries to import or download a trusted certificate when specifying -dnld, -upld, or -crlx import/download at the same time. |
| -u must be provided to download or import a certificate revocation list. | A user tries to issue a download or import trusted certificate revocation list command without the -u option. |
| -u must be provided to import a trusted certificate | A user tries to issue an import trusted certificate command without the -u option. |
| -upld cannot be used with -dnld, -tcx import/download, or -crlx import/download | A user tries to import an externally signed server certificate and CA bundle when specifying -dnld, -tcx import/download, or -crlx import/download at the same time. |
| Arguments of required options must not be blank | A user tries to enter a required option without its argument. |
| CA certificate regeneration not permitted. The
following nodes require an update to the latest blade firmware: node where node identifies the compute nodes requiring a firmware update. |
A user attempts to regenerate a CA certificate when compute node firmware requires an update to support the change. |
| CA generation does not support user inputs | A user tries to generate a CA certificate with options other than -csa. |
| Cannot open file: filename where filename is the name of the file that was entered for opening. |
An error occurs while the CMM is trying to open a file. |
| CLI map failed error = error where error specifies error. |
An error occurs while the CMM is mapping the file to memory. |
| CMM security policy disallows -httpse disable (http enable) right now. | A user tries to disable the SSL server when the CMM security policy is set to secure. |
| Converting DER back to X509 format failed. | An error occurs while the CMM is converting DER back to X509 format. |
| CSR generation for client failed | An error occurs while the CMM is generating a certificate signing request for a client. |
| CSR generation for server failed | An error occurs while the CMM is generating a certificate signing request for a server. |
| Deleting trusted_certindex failed where index is the number of the selected trusted certificate, between 1 and 4 (inclusive). |
A user tries to delete a nonexistent trusted certificate. |
| Downloading Cert/CA/CSR to argument failed where:
|
An error occurs while the CMM is downloading a certificate, certificate authority, or certificate signing request. |
| Error deleting LDAP client CA bundle | An error occurs while the CMM is deleting a certificate authority bundle. |
| Error deleting LDAP client certificate | An error occurs while the CMM is deleting an LDAP client certificate. |
| Error: LDAP Client Certificate Doesn't Exist | A user tries to view or download an externally signed LDAP client certificate that does not exist. |
| Error: Requested Certificate Doesn't Exist | A user tries to view an externally signed server certificate or CA bundle that does not exist. |
| Error: unknown certificate | An error occurs because an unknown certificate type is referred to. |
| Exporting Cert/CSR/CA failed where Cert/CSR/CA specifies whether the user tried to export a certificate, certificate signing request, or certificate authority. |
An error occurs while the CMM is exporting a certificate, certificate signing request, or certificate authority. |
| Externally signed SSL server certificate file format must be PEM or DER. | A user tries to import an externally signed server certificate of the wrong file format. |
| Failed - EnableCRLCheck is enabled but no signed crl installed | An error occurs while setting the state for the LDAP client because no signed certificate revocation list is installed. |
| Failed - no trusted certificate installed | An error occurs while setting the state for the LDAP client because no trusted certificate is installed. |
| Failed - Requested file doesn't exist | A user tries to view or download a trusted certificate or certificate revocation list file that does not exist. |
| File format must be PEM or DER. | A user tries to import a trusted certificate or certificate revocation list of the wrong file format. |
| File to be deleted doesn't exist. | A user tries to delete a trusted certificate, certificate revocation list, externally signed client certificate, or CA bundle file that does not exist. |
| File transfer failed. | An error occurs while transferring a file during file upload. |
| File transfer failed abnormally. | An error occurs while transferring a file during file upload. |
| Generate CA failed | An error occurs during CA certificate generation. |
| Generate LDAP server certificate failed | An error occurs during LDAP server certificate generation. |
| Getting SSL Client Certificate status failed. | An error occurs while the CMM is reading the SSL client certificate status. |
| Getting SSL CSR status failed. | An error occurs while the CMM is reading the SSL certificate signing request status. |
| Getting SSL Server Certificate status failed. | An error occurs while the CMM is reading the SSL server certificate status. |
| Getting SSL Server CSR status failed. | An error occurs while the CMM is reading the SSL server certificate signing request status. |
| Importing url failed where url is the URL that was entered. |
An error occurs while importing the indicated URL. |
| Invalid argument for -view | A user tries to issue a command with an invalid argument for the -view option. |
| Invalid SSL target for certificate revocation list: server | A user tries to issue a command for a certificate revocation list with a target of server'. |
| Invalid SSL target for Trusted certificate: server | A user tries to issue a command for a trusted certificate with a target of server'. |
| Invalid URL for -u: url where url is the URL that was entered. |
A user tries to enter a URL that is not valid. |
| Intermediate Root CA bundle file format must be PEM or DER. | A user tries to import a CA bundle of the wrong file format. |
| LDAP Client Certificate File format must be PEM or DER. | A user tries to import an externally signed client certificate of the wrong file format. |
| LDAP server certificate generation does not support user inputs | A user tries to enter information when generating a LDAP server certificate. |
| LDAP Server must use internally signed SLL Server
certificate. The following devices prevent use of an externally
signed SSL Certificate with LDAP server. list of nodes The LDAP sever will use an internally signed SSL certificate until blocking devices are removed (FSP's) or up-dated to latest firmware (IMMv2) where list of nodes specifies the devices that prevent use of externally signed SSL certificates. |
A user tries to use externally signed SSL certificates on devices configured to restrict their use. |
| Missing required options. | A user tries to issue a command for the SSL configuration without entering all the required options. |
| Mode nist800-131a requires rsa2048sha256 | A user tries to generate a CA certificate using rsa2048sha1 as the signing algorithm while the cryptographic mode is set to nist800-131a. |
| No Cert/CSR/CA available. where Cert/CSR/CA specifies whether the user specified a certificate, certificate signing request, or certificate authority. |
A user tries to issue a command to download a nonexistent certificate, certificate signing request, or certificate authority. |
| No trusted_certindex available. where index is the number of the selected trusted certificate, between 1 and 4 (inclusive). |
A user tries to issue commands to a nonexistent trusted certificate. |
| No valid client certificate is in place. Type 'sslcfg -h' for syntax help of the SSLclient Certificate generation command. | A user tries to issue a command to enable the SSL client without a valid client certificate in place. |
| No valid server certificate is in place. Type 'sslcfg -h' for syntax help of the SSL Server Certificate generation command. | A user tries to issue a command to enable the SSL server without a valid server certificate in place. |
| No valid trusted certificate is in place. Type 'sslcfg -h' for syntax help of the SSL trusted Certificate importing command. | A user tries to issue a command to enable the SSL client without a valid trusted certificate in place. |
| Reading certificate revocation list failed | An error occurs while reading the certificate revocation list. |
| The externally signed LDAP Client certificate doesn't exist. | A user tries to import an externally signed client certificate that does not exist. |
| The externally signed SSL Server certificate doesn't exist. | A user tries to import an externally signed server certificate that does not exist. |
| The following devices prevent use of an externally
signed SSL Certificate with LDAP server. list of nodes The LDAP sever will use an internally signed SSL certificate until blocking devices are removed (FSP's) or up-dated to latest firmware (IMMv2) where list of nodes specifies the devices that prevent use of externally signed SSL certificates. |
A user tries to use externally signed SSL certificates on devices configured to restrict their use. |
| The imported file doesn't exist. | A user tries to import a trusted certificate or certificate revocation list that does not exist. |
| The intermediate root ca bundle is not a valid chain of trust | A user tries to import an intermediate CA bundle that is not trusted. |
| The LDAP Client intermediate root ca certificate bundle doesn't exist. | A user tries to import an intermediate CA bundle that does not exist. |
| The LDAP Client intermediate root ca certificate bundle file format must be PEM or DER. | A user tries to import an intermediate CA bundle of the wrong file format. |
| The LDAP server is now using externally signed SSL certificate as all end point devices firmware reports they can support. | Advisory message indicating that all devices report support of external SSL certificates. |
| The SSL Server intermediate ca certificate bundle doesn't exist. | A user tries to import a CA bundle that does not exist. |
| The SSL Server root ca certificate doesn't exist. | A user tries to import a certificate that does not exist. |
| There was a problem downloading the file | The user does not have the authority for downloading or an error occurs when downloading. |
| There was a problem retrieving the file. | An error occurs while transferring the file. |
| Update Failed, invalid remote location specified | The location specified for update is not valid. |
| URL syntax checking failed | A user tries to enter a URL that is not valid. |
| Viewing -crl1 failed | An error occurs while viewing certificate revocation list 1. |
| Viewing -crl2 failed | An error occurs while viewing certificate revocation list 2. |
| Viewing -crl3 failed | An error occurs while viewing certificate revocation list 3. |
| Viewing -tc1 failed | An error occurs while viewing trusted certificate 1. |
| Viewing -tc2 failed | An error occurs while viewing trusted certificate 2. |
| Viewing -tc3 failed | An error occurs while viewing trusted certificate 3. |
| Viewing CA failed | An error occurs while viewing a certificate authority. |
| Viewing externally signed LDAP client certificate failed | An error occurs while viewing an externally signed LDAP client certificate. |
| Viewing externally signed server certificate failed | An error occurs while viewing an externally signed server certificate. |
| Viewing intermediate CA bundle failed | An error occurs while viewing an intermediate certificate authority bundle. |
| Viewing internally signed server certificate failed | An error occurs while viewing an internally signed server certificate. |
| Writing X509 format certificate to file failed. | An error occurs while the CMM is writing the X509 format certificate to File. |