Home
CERT+
Automate certificate lifecycle management including issuance, discovery, renewal, and deployment, across public and private trust CAs. Assess, prioritize, and plan your migration to quantum-safe encryption with the Quantum Trust Hub add-on module.
CERT+ Troubleshooting Guide
Troubleshooting for CAs
Troubleshooting for EJBCA CA Issues

CERT+
Automate certificate lifecycle management including issuance, discovery, renewal, and deployment, across public and private trust CAs. Assess, prioritize, and plan your migration to quantum-safe encryption with the Quantum Trust Hub add-on module.
PKI+
Provision, govern and scale private trust certificates with a Post Quantum ready cloud based Enterprise PKI-as-a-Service.
SIGN+
Secure software, firmware, and containers with a comprehensive enterprise code signing solution.
SSH+
Control SSH access and key rotation at scale with an SSH key lifecycle management solution.
KUBE+
Unify DevOps and Security teams by managing certificates with a Kubernetes-native certificate lifecycle management solution.
DDI+
Manage domain registration, renewal, decommissioning, and other security controls with an end-to-end domain lifecycle management solution.
ADC+
Automate and orchestrate application delivery infrastructure at scale with an ADC lifecycle automation platform.
Platform
Manage policy and automation across all of the products and modules in the AVX ONE platform.
AppViewX Setup
Get detailed instructions for setting up AVX ONE in on-premises or SaaS deployments.
Release Artifacts
Review new features, fixes, and security advisories with official AppViewX release documentation.

Troubleshooting for EJBCA CA Issues

This section helps you troubleshoot the common problems that you might encounter when using EJBCA CA functionalities like EJBCA CA setting addition, certificate enrollment, renewal, revocation, suspension, reinstatement, and discovery.

Supported Web Browsers


Browser	Version	Notes
Firefox	Till latest (Version 84.0.4147.135)	NA
Chrome	Till latest (Version 80.0)	NA
IE	Limited support in 9, Full support from 10+	No support for IE9 post-AppViewX Version 11.0
Safari	Till latest (Windows - Version 5.1.7, macOS - Version 13.1.2)	From AppViewX Version 11.1
Opera	Till latest (Version 70)	From AppViewX Version 11.1

Supported Devices


Device	OS	Resolution
Desktop	Windows	1024 X 768 onwards, 1366x768, 1920x1080, Higher
Desktop	Linux	1024 X 768 onwards, 1366x768, 1920x1080, Higher
Desktop	Mac	1024 X 768 onwards, 1366x768, 1920x1080, Higher
iPad	iOS	1024 X 768

Issues in Configuring EJBCA CA and Fetching EEPs

Table 1. Error messages and resolutions
Error Message	Possible Cause	Possible Solution
Unable to save CA settings CA Settings name already exists.	A CA setting with the same name for EJBCA already exists in the inventory.	Check the CA Setting name. It should be unique.
This field should not be null or empty. Mandatory Field(s) - <Field name> is/are empty. CA Settings - [ <Fields>] mandatory fields cannot be empty.	Some of the mandatory fields might be missing or might be invalid.	Add all the valid information in the mandatory section.
Please enter valid credentials - Certificate and key, URL	Uploaded client certificate is incorrect or does not have the required permissions.	Please check the uploaded certificate and its permissions. Ensure that the required permissions are assigned.
At least one end entity profile should be added.	CA Setting does not have at least one End entity profile selected and added.	CA Settings should have at least one End entity profile selected and added.
Unable to establish connection with CA	The configured CA details may be incorrect.	Check the CA details configured on the CA settings page.
	Proxy details may not be configured.	heck whether proxy details are configured in proxy settings.
	AppViewX may not be able to reach CA.	Check whether network access is available.
Unable to establish connection, Please ensure Proxy/Internet connectivity.	Invalid proxy details.	Please check the proxy details provided.
	Internet connectivity may not be available.	Please check Internet connectivity to reach CA.
	Invalid URL provided in CA Settings.	Please check whether a valid CA URL is provided in CA Settings or contact AppViewX Support.

Issues in Enrolling an EJBCA Certificate


Error Message	Possible Cause	Possible Solution
Unable to submit the CSR request to certificate authority - Subject DN field <FieldName>must exist.	FieldName may be set as mandatory in the selected End entity profile in EJBCA portal.	Set the FieldName as optional in the selected End entity profile in EJBCA portal. Add a value for the failed field in the certificate enrollment page (If the field is Organization, Organization unit, Locality, Country, State). If the field is not listed on the enrollment page, add the field in the End entity profile, then pass the value via the enrollment page.
Unable to submit the CSR request to certificate authority - Wrong number of <FieldName> fields in Subject Alternative Name.	No. of values sent and no. of values configured for the field do not match.	Send the exact no of values for the fields configured in the EJBCA portal. Change the field count in EJBCA portal to match the sending value count.
Unable to submit the CSR request to certificate authority - Couldn't find certificate profile (<ProfileId>,) among available certificate profiles.	Certificate profiles may not be configured in the selected end entity profile.	Configure the selected certificate profile in the selected end entity profile.
Unable to submit the CSR request to certificate authority - End Entity data contains a CA, <CA ID>, which the Certificate Profile, <ProfileId>, isn't authorized to use.	Configuration of the selected issuer is not done in the selected certificate profile.	Configure the selected issuer name in the selected certificate profile.
Unable to establish connection with CA	The configured CA details may be incorrect.	Check the CA details configured on the CA settings page.
	Proxy details may not be configured.	heck whether proxy details are configured in proxy settings.
	AppViewX may not be able to reach CA.	Check whether network access is available.
Unable to establish connection, Please ensure Proxy/Internet connectivity/EJBCA server.	Invalid proxy details.	Please check the proxy details provided.
	Internet connectivity may not be available.	Please check Internet connectivity to reach CA.
	Invalid URL provided in CA Settings.	Please check whether a valid CA URL is provided in CA Settings or contact AppViewX Support.
Insufficient privilege for the user to create a certificate.	Request accepted but operation refused due to insufficient privileges, disabled features, etc.	Please refer to the user privileges in EJBCA server for creating certificates or contact the AppViewX Support Team.
Invalid Create Certificate Payload	Missing or invalid input parameters/JSON body in the request.	Please validate the input parameters/payload provided or contact the AppViewX Support Team.
Too many create certificate requests	Too many create certificate requests for EJBCA.	Please try to create a certificate request after some time or contact the AppViewX Support Team.

Issues in Renewing an EJBCA Certificate


Error Message	Possible Cause	Possible Solution
Error while renewing certificate. - Subject DN field <FieldName> must exist.	FieldName may set as mandatory in the selected End entity profile in EJBCA portal	Set the FieldName as optional in the selected End entity profile in EJBCA portal. Add a value for the failed field in the certificate enrollment page (if the field is Organization, Organization unit, Locality, Country, State) If the field is not listed on the enrollment page, add the field in the End entity profile, then pass the value via the enrollment page.
Error while renewing certificate. - Wrong number of <FieldName> fields in Subject Alternative Name.	No. of values sent and no. of values configured for the field do not match.	Send the exact number of values for the fields configured in the EJBCA portal. Change the field count in EJBCA portal as sending value count.
Error while renewing certificate. - Couldn't find certificate profile (<ProfileId>), among available certificate profiles	Certificate profile selected may not be configured in the selected end entity profile.	Configure the selected certificate profile in the selected end entity profile.
Error while renewing certificate. - End Entity data contains a CA, <CA ID>, which the Certificate Profile, <ProfileId>, isn't authorized to use.	Configuration of the selected issuer is not done in the selected certificate profile.	Configure the selected issuer name in the selected certificate profile.
Unable to establish connection with CA	The configured CA details may be incorrect.	Check the CA details configured on the CA settings page.
	Proxy details may not be configured.	heck whether proxy details are configured in proxy settings.
	AppViewX may not be able to reach CA.	Check whether network access is available.
Unable to establish connection, Please ensure Proxy/Internet connectivity/EJBCA server.	Invalid proxy details.	Please check the proxy details provided.
	Internet connectivity may not be available.	Please check Internet connectivity to reach CA.
	Invalid URL provided in CA Settings.	Please check whether a valid CA URL is provided in CA Settings or contact AppViewX Support.
Insufficient privilege for the user to create a certificate.	Request accepted but the operation is refused due to insufficient privileges, disabled features, etc.	Please refer to the user privileges, disabled features in EJBCA server for creating certificates, or contact AppViewX Support.
Invalid Create Certificate Payload	Missing or invalid input parameters / JSON body in the request.	Please validate the input parameters/payload provided or contact AppViewX Support.
Too many create certificate requests	Too many create certificate requests for EJBCA.	Please try to create a certificate request after some time or contact AppViewX Support.
CSR or private key is not available. Use the regenerate option.	CSR or private key may not be available	Use regenerate or upload the private key and perform renew action.

Issues in Regenerating an EJBCA Certificate


Error Message	Possible Cause	Possible Solution
Unable to submit the CSR request to certificate authority - Subject DN field <FieldName> must exist.	FieldName may set as mandatory in the selected end entity profile in EJBCA portal.	Set the FieldName as optional in the selected end entity profile in EJBCA portal. Add a value for the failed field in the certificate enrollment page (If the field is Organization, Organization unit, Locality, Country, State). If the field is not listed on the enrollment page, add the field in the end entity profile, then pass the value via the enrollment page.
Unable to submit the CSR request to certificate authority - Wrong number of <FieldName> fields in Subject Alternative Name.	No of values sent and number of values configured for the field do not match.	Send the exact number of values for the fields configured in the EJBCA portal. Change the field count in EJBCA portal as sending value count.
Unable to submit the CSR request to certificate authority - Couldn't find certificate profile (<ProfileId>,) among available certificate profiles	Certificate profiles may not be configured in the selected end entity profile.	Configure the selected certificate profile in the selected end entity profile
Unable to submit the CSR request to certificate authority - End Entity data contains a CA, <CA ID>, which the Certificate Profile, <ProfileId>, isn't authorized to use.	Configuration of the selected issuer is not done in the selected certificate profile.	Configure the selected issuer name in the selected certificate profile.
Unable to establish connection with CA	he configured CA details may be incorrect.	Check the CA details configured on the CA settings page.
	Proxy details may not be configured.	Check whether proxy details are configured in proxy settings.
	AppViewX may not be able to reach CA.	Check whether network access is available.
Insufficient privilege for the user to create a certificate.	Request accepted but the operation is refused due to insufficient privileges, disabled features, etc.	Please refer to the user privileges, disabled features in EJBCA server for creating certificates, or contact AppViewX Support.
Invalid Create Certificate Payload	Missing or invalid input parameters/JSON body in the request.	Please validate the input parameters/payload provided or contact AppViewX Support.
Too many create certificate requests	Too many create certificate requests for EJBCA	Please try to create a certificate request after some time or contact AppViewX Support.

Issues in Revoking an EJBCA Certificate


Error Message	Possible Cause	Possible Solution
Error while revoking certificate- Could not find end entity certificate.	The issuer name in the connector may be wrong	Set the actual issuer name in the connector then perform revoke action.
Missing issuer details in the request.	Issuer details may be missing.	Provide the issuer details.
Unable to establish connection with CA	he configured CA details may be incorrect.	Check the CA details configured on the CA settings page.
	Proxy details may not be configured.	Check whether proxy details are configured in proxy settings.
	AppViewX may not be able to reach the CA.	Check whether network access is available.

Issues in Suspending an EJBCA Certificate


Error Message	Possible Cause	Possible Solution
Error while suspending certificate- Could not find end entity certificate.	The issuer name in the connector may be incorrect.	Set the actual issuer name in the connector then perform revoke action.
Missing issuer details in the request.	Issuer details may be missing.	Provide issuer details.
Unable to establish connection with CA.	The configured CA details may be incorrect.	Check the CA details configured on the CA settings page.
	Proxy details may not be configured.	Check whether proxy details are configured in proxy settings.
	AppViewX may not be able to reach CA.	Check whether network access is available.

Issues in Reinstating EJBCA Certificate


Error Message	Possible Cause	Possible Solution
Error while reinstating certificate- Could not find end entity certificate.	The issuer name in the connector may be wrong.	Set the actual issuer name in the connector then perform revoke action.
Missing issuer details in the request.	Issuer details may be missing.	Provide issuer details.
Unable to establish connection with CA	The configured CA details may be incorrect.	Check the CA details configured on the CA settings page.
	Proxy details may not be configured.	Check whether proxy details are configured in proxy settings.
	AppViewX may not be able to reach CA.	Check whether network access is available.

Issues in Discovering EJBCA Certificates


Error Message	Possible Cause	Possible Solution
Expiry days need to be configured to discover certificates.	Expiry days not configured in the selected EJBCA CA Settings.	Set the expiry days in the selected CA settings.
Unable to establish connection with CA	The configured CA details may be incorrect.	Check the CA details configured on the CA settings page.
	Proxy details may not be configured.	Check whether proxy details are configured in proxy settings.
	AppViewX may not be able to reach CA.	Check whether network access is available.

AppViewX