Reflection PKI Services Manager returns the following codes to the application requesting validation services.
Code 0 = No errors, successful validation.
Codes 1-10 = Command-line errors, either with winpki or pkid.
Codes 11-19 = Network or protocol errors.
Codes 21-29 = Validation errors.
Codes 31-39 = Mapper errors (certificate is valid but could not be mapped).
Codes 41-49 = CRL or other revocation errors
Code |
Meaning |
---|---|
0 |
No errors. |
1 |
General error, unknown cause. |
2 |
Syntax error with the command, improper arguments. |
3 |
PKI Services Manager is already running. |
4 |
Error in the configuration file. |
5 |
Timeout occurred while executing the command. |
6 |
Network error (for example, cannot connect to PKI Services Manager). |
7 |
Access denied, user does not have permission to run the command. |
8 |
System error . This is an internal error. Re-run with –d switch to see what happened. |
9 |
Migration or initialization failed. See migration error log. |
11 |
Unknown command was requested by the calling application. |
12 |
An exception was thrown by PKI Services Manager. For more information, see the PKI Services Manager event log. |
13 |
Syntax error with the command or packet sent to PKI Services Manager. |
14 |
Command was ignored (not currently used, internal error). |
15 |
Processing error. The certificate sent to PKI Services Manager is not encoded correctly. |
16 |
Command failed (commands are: stop, reload, reconfigure). |
17 |
Signature mismatch. Sender did not sign with a matching key. |
18 |
Format error. The ASN protocol was not properly formatted |
19 |
PKI Services Manager is in FIPS mode and the certificate is not valid in that mode |
21 |
Certificate is invalid (expired, not signed, bad key, etc.) |
22 |
No path. The issuing certificate could not be located. |
23 |
Certificate is revoked. |
24 |
No trust anchor. The path did not terminate to a known trust anchor. |
25 |
Other validation error. Policy or other constraints failed. |
26 |
Path length to the end certificate exceeded the CA path length constraint. |
27 |
Certificate policy is invalid or does not match assertions in effect. |
28 |
Invalid certificate signature. |
29 |
Unknown critical extension was encountered in a certificate or CRL. |
31 |
Identity requested did not match allowed identities. |
32 |
No identities are allowed for this certificate (no maps exist that match). |
33 |
Calling application did not send an identity for matching (client-side error). |
34 |
Certificate is valid, but requested WhoAmI processing |
41 |
Unknown CRL processing error |
42 |
No base for a delta CRL. |
43 |
CRL has expired. |
44 |
Cannot verify signature or it is bad. |
45 |
Unknown CRL extension that is marked critical. |
46 |
Mismatch of IDP field in CRL. |
47 |
No CRL available. |