Troubleshooting for InCommon CA Issues

This section helps you troubleshoot the common problems that you might encounter while using functionalities like configuration, setting addition, CLM actions and discovery associated with InCommon Certificate Authority.

Issues in Configuring InCommon CA

Table 1. Error messages and resolutions
Error Message Possible Cause Possible Solution
Fetch certificate types action has failed Unknown user Username or password may be incorrect. Check and correct the username and password.
Fetch certificate types action has failed Invalid auth data URI may be invalid. Check and correct the URI.

For example: https://cert-manager.com/customer/<customer_uri>/ssl - here URI is customer_uri.
Fetch certificate types action has failed Wrong URL specified or the URL is not reachable Base URL may be invalid. Validate and correct the base URL.
Fetch certificate types action has failed Invalid CA settings details Proxy details could be wrong. Check and correct the proxy details configured in the proxy settings.
Proxy details is not configured in proxy settings. Proxy field is enabled in CA Settings but proxy details are not configured in proxy settings. Configure the proxy details in proxy settings of the general

Issues in Enrolling an InCommon CA Certificate

Table 2. Error messages and resolutions
Error Message Possible Cause Possible Solution
Unknown User Username or password may be invalid Check and correct the username and password in the CA setting.
Invalid auth data URI may be invalid Check and correct the URI in the CA setting.

For example: https://cert-manager.com/customer/<customer_uri>/ssl - here URI is customer_uri.
Wrong url specified or the url is not reachable Base URL may be invalid Validate and correct the base URL in the CA setting.
Invalid CA settings details Proxy details could be wrong Check and correct the proxy details configured in the proxy settings.
Proxy details is not configured in proxy settings. Proxy field is enabled in CA Settings but proxy details are not configured in proxy settings. Configure the proxy details in proxy settings.
You cannot order certificates for the following or additional domains: testcert.test.net. Please double-check correctness of entered information or navigate to ''Domains'' subtab of ''Settings'' tab to request/activate/delegate them or enable this type of certificate for them in terms of the selected organization. Domain part of the common name specified in the request is not supported by Certificate Authority Validate the configured domains or activate the domain in the CA portal, as specified in the error message.
The validity period (term) is invalid for this certificate type. The validity period (term) is invalid for this certificate type. Please specify the validity period (term) that is supported by the chosen cert type in the CA connector and resubmit the request.
Certificate Profile does not support Key Type 'EC - brainpoolP160r1'. EC key type with the specified curve is not supported for the chosen certificate type. Please specify the key type that is supported by the chosen cert type in the CA connector and resubmit the request.

Issues in Regenerating an InCommon Certificate

If a request has failed, then the failure status shall be displayed in the holistic view. Click on the link above the failure message to know the reason for the workflow failure. Common reasons for the failure are mentioned in the table below. Please follow the given remediation steps for the respective error message and resubmit the request.
Table 3. Error messages and resolutions
Error Message Possible Cause Possible Solution
Unknown User Username or password may be invalid Check and correct the username and password in the CA setting.
Invalid auth data URI may be invalid Check and correct the URI in the CA setting.

For example:https://cert-manager.com/customer/<customer_uri>/ssl - here URI is customer_uri.
Wrong url specified or the url is not reachable Base URL may be invalid Validate and correct the base URL in the CA setting.
Invalid CA settings details Proxy details could be wrong Check and correct the proxy details configured in the proxy settings.
Proxy details is not configured in proxy settings. Proxy field is enabled in CA Settings but proxy details are not configured in proxy settings. Configure the proxy details in proxy settings.
You cannot order certificates for the following or additional domains: testcert.test.net. Please double-check correctness of entered information or navigate to ''Domains'' subtab of ''Settings'' tab to request/activate/delegate them or enable this type of certificate for them in terms of the selected organization. Domain part of the common name specified in the request is not supported by Certificate Authority Validate the configured domains or activate the domain in the CA portal, as specified in the error message.
The validity period (term) is invalid for this certificate type. The validity period (term) is invalid for this certificate type. Please specify the validity period (term) that is supported by the chosen cert type in the CA connector and resubmit the request.
Certificate Profile does not support Key Type 'EC - brainpoolP160r1'. EC key type with the specified curve is not supported for the chosen certificate type. Please specify the key type that is supported by the chosen cert type in the CA connector and resubmit the request.

Issues in Renewing an InCommon Certificate

Table 4. Error messages and resolutions
Error Message Possible Cause Possible Solution
Unknown User Username or password may be invalid Check and correct the username and password in the CA setting.
Invalid auth data URI may be invalid Check and correct the URI in the CA setting.

For example: https://cert-manager.com/customer/<customer_uri>/ssl - here URI is customer_uri.
Wrong url specified or the url is not reachable Base URL may be invalid Validate and correct the base URL in the CA setting.
Invalid CA settings details Proxy details could be wrong Check and correct the proxy details configured in the proxy settings.
Proxy details is not configured in proxy settings. Proxy field is enabled in CA Settings but proxy details are not configured in proxy settings. Configure the proxy details in proxy settings.
You cannot order certificates for the following or additional domains: testcert.test.net. Please double-check correctness of entered information or navigate to ''Domains'' subtab of ''Settings'' tab to request/activate/delegate them or enable this type of certificate for them in terms of the selected organization. Domain part of the common name specified in the request is not supported by Certificate Authority Validate the configured domains or activate the domain in the CA portal, as specified in the error message.
The validity period (term) is invalid for this certificate type. The validity period (term) is invalid for this certificate type. Please specify the validity period (term) that is supported by the chosen cert type in the CA connector and resubmit the request.

Issues in Reissuing an InCommon Certificate

Table 5. Error messages and resolutions
Error Message Possible Cause Possible Solution
Unknown User Username or password may be invalid Check and correct the username and password in the CA setting.
Invalid auth data URI may be invalid Check and correct the URI in the CA setting.

For example: https://cert-manager.com/customer/<customer_uri>/ssl - here URI is customer_uri.
Wrong url specified or the url is not reachable Base URL may be invalid Validate and correct the base URL in the CA setting.
Invalid CA settings details Proxy details could be wrong Check and correct the proxy details configured in the proxy settings.
Proxy details is not configured in proxy settings. Proxy field is enabled in CA Settings but proxy details are not configured in proxy settings. Configure the proxy details in proxy settings.
You cannot order certificates for the following or additional domains: testcert.test.net. Please double-check correctness of entered information or navigate to ''Domains'' subtab of ''Settings'' tab to request/activate/delegate them or enable this type of certificate for them in terms of the selected organization. Domain part of the common name specified in the request is not supported by Certificate Authority Validate the configured domains or activate the domain in the CA portal, as specified in the error message.
The validity period (term) is invalid for this certificate type. The validity period (term) is invalid for this certificate type. Please specify the validity period (term) that is supported by the chosen cert type in the CA connector and resubmit the request.
Certificate Profile does not support Key Type 'EC - brainpoolP160r1'. EC key type with the specified curve is not supported for the chosen certificate type. Please specify the key type that is supported by the chosen cert type in the CA connector and resubmit the request.

Issues in Revoking an InCommon Certificate

Table 6. Error messages and resolutions
Error Message Possible Cause Possible Solution
Unknown User Username or password may be invalid Check and correct the username and password in the CA setting.
Invalid auth data URI may be invalid Check and correct the URI in the CA setting.

For example: https://cert-manager.com/customer/<customer_uri>/ssl - here URI is customer_uri.
Wrong url specified or the url is not reachable Base URL may be invalid Validate and correct the base URL in the CA setting.
Invalid CA settings details Proxy details could be wrong Check and correct the proxy details configured in the proxy settings.
Proxy details is not configured in proxy settings. Proxy field is enabled in CA Settings but proxy details are not configured in proxy settings. Configure the proxy details in proxy settings.

Issues in Discovering InCommon Certificates

Table 7. Error messages and resolutions
Error Message Possible Cause Possible Solution
Unknown User Username or password may be invalid Check and correct the username and password in the CA setting.
Invalid auth data URI may be invalid Check and correct the URI in the CA setting.

For example: https://cert-manager.com/customer/<customer_uri>/ssl - here URI is customer_uri.
Wrong url specified or the url is not reachable Base URL may be invalid Validate and correct the base URL in the CA Settings.
Invalid CA settings details Proxy details could be wrong Check and correct the proxy details configured in the proxy settings.
Proxy details is not configured in proxy settings. Proxy field is enabled in CA Settings but proxy details are not configured in proxy settings. Configure the proxy details in proxy settings.