Skip to main content

sslcfg command errors

This topic lists errors for the sslcfg command.

See Common errors for a list of error messages that apply to all commands. See sslcfg command for information about command syntax and examples of command use.

Table 1. sslcfg command errors.

The error table is a multi-row, two-column table where each row describes a CMM CLI command error: column one lists the error reported by the command-line interface and column two describes what the error means.

Error messageDefinition
-cabu can only be used with -upld and -uA user tries to import an externally signed LDAP client certificate and CA bundle without specifying the -upld and -u options.
-cabu is required when importing a certificateA user tries to import an externally signed LDAP client certificate and CA bundle without using the -cabu option to specify a URL.
-crlx import/download cannot be used with -dnld, -upld, or -tcx import/downloadA user tries to import or download a certificate revocation list when specifying -dnld, -upld, or -tcx import/download at the same time.
-csa can only be used with -gen ca or -gen ldapsrvA user tries to issue the -csa option without the -gen option or without providing the ca or ldapsrv argument for the -gen option.
-csa must be specified when the mode is compA user tries to generate a CA certificate, failing to specify the certificate signing algorithm while the cryptographic mode is set to comp (compatibility with all NIST cipher suites).
-dnld cannot be used with -upld, -tcx import/download, or -crlx import/downloadA user tries to download an externally signed server certificate and CA bundle when specifying -upld, -tcx import/download, or -crlx import/download at the same time.
-dnld or -upld must be with -u specifiedA user tries to issue a download certificate signing request or an import certificate command without the -u option.
-f can only be used with -dnld cert/csrA user tries to specify the format of a certificate or certificate signing request without specifying a download.
-remove can only be used with -t clientA user tries to issue the -remove option without the -t option or without providing the client argument for the -t option.
-tcx import/download cannot be used with -dnld, -upld, or -crlx import/downloadA user tries to import or download a trusted certificate when specifying -dnld, -upld, or -crlx import/download at the same time.
-u must be provided to download or import a certificate revocation list.A user tries to issue a download or import trusted certificate revocation list command without the -u option.
-u must be provided to import a trusted certificateA user tries to issue an import trusted certificate command without the -u option.
-upld cannot be used with -dnld, -tcx import/download, or -crlx import/downloadA user tries to import an externally signed server certificate and CA bundle when specifying -dnld, -tcx import/download, or -crlx import/download at the same time.
Arguments of required options must not be blankA user tries to enter a required option without its argument.
CA certificate regeneration not permitted. The following nodes require an update to the latest blade firmware: node

where node identifies the compute nodes requiring a firmware update.

A user attempts to regenerate a CA certificate when compute node firmware requires an update to support the change.
CA generation does not support user inputsA user tries to generate a CA certificate with options other than -csa.
Cannot open file: filename

where filename is the name of the file that was entered for opening.

An error occurs while the CMM is trying to open a file.
CLI map failed error = error

where error specifies error.

An error occurs while the CMM is mapping the file to memory.
CMM security policy disallows -httpse disable (http enable) right now.A user tries to disable the SSL server when the CMM security policy is set to secure.
Converting DER back to X509 format failed.An error occurs while the CMM is converting DER back to X509 format.
CSR generation for client failedAn error occurs while the CMM is generating a certificate signing request for a client.
CSR generation for server failedAn error occurs while the CMM is generating a certificate signing request for a server.
Deleting trusted_certindex failed

where index is the number of the selected trusted certificate, between 1 and 4 (inclusive).

A user tries to delete a nonexistent trusted certificate.
Downloading Cert/CA/CSR to argument failed

where:

  • Cert/CA/CSR specifies whether the user tried to download a certificate, certificate authority, or certificate signing request.
  • argument identifies the remote location of the item be downloaded from. It must specify a fully qualified filename.
An error occurs while the CMM is downloading a certificate, certificate authority, or certificate signing request.
Error deleting LDAP client CA bundleAn error occurs while the CMM is deleting a certificate authority bundle.
Error deleting LDAP client certificateAn error occurs while the CMM is deleting an LDAP client certificate.
Error: LDAP Client Certificate Doesn't ExistA user tries to view or download an externally signed LDAP client certificate that does not exist.
Error: Requested Certificate Doesn't ExistA user tries to view an externally signed server certificate or CA bundle that does not exist.
Error: unknown certificateAn error occurs because an unknown certificate type is referred to.
Exporting Cert/CSR/CA failed

where Cert/CSR/CA specifies whether the user tried to export a certificate, certificate signing request, or certificate authority.

An error occurs while the CMM is exporting a certificate, certificate signing request, or certificate authority.
Externally signed SSL server certificate file format must be PEM or DER.A user tries to import an externally signed server certificate of the wrong file format.
Failed - EnableCRLCheck is enabled but no signed crl installedAn error occurs while setting the state for the LDAP client because no signed certificate revocation list is installed.
Failed - no trusted certificate installedAn error occurs while setting the state for the LDAP client because no trusted certificate is installed.
Failed - Requested file doesn't existA user tries to view or download a trusted certificate or certificate revocation list file that does not exist.
File format must be PEM or DER.A user tries to import a trusted certificate or certificate revocation list of the wrong file format.
File to be deleted doesn't exist.A user tries to delete a trusted certificate, certificate revocation list, externally signed client certificate, or CA bundle file that does not exist.
File transfer failed.An error occurs while transferring a file during file upload.
File transfer failed abnormally.An error occurs while transferring a file during file upload.
Generate CA failedAn error occurs during CA certificate generation.
Generate LDAP server certificate failedAn error occurs during LDAP server certificate generation.
Getting SSL Client Certificate status failed.An error occurs while the CMM is reading the SSL client certificate status.
Getting SSL CSR status failed.An error occurs while the CMM is reading the SSL certificate signing request status.
Getting SSL Server Certificate status failed.An error occurs while the CMM is reading the SSL server certificate status.
Getting SSL Server CSR status failed.An error occurs while the CMM is reading the SSL server certificate signing request status.
Importing url failed

where url is the URL that was entered.

An error occurs while importing the indicated URL.
Invalid argument for -viewA user tries to issue a command with an invalid argument for the -view option.
Invalid SSL target for certificate revocation list: serverA user tries to issue a command for a certificate revocation list with a target of server'.
Invalid SSL target for Trusted certificate: serverA user tries to issue a command for a trusted certificate with a target of server'.
Invalid URL for -u: url

where url is the URL that was entered.

A user tries to enter a URL that is not valid.
Intermediate Root CA bundle file format must be PEM or DER.A user tries to import a CA bundle of the wrong file format.
LDAP Client Certificate File format must be PEM or DER.A user tries to import an externally signed client certificate of the wrong file format.
LDAP server certificate generation does not support user inputsA user tries to enter information when generating a LDAP server certificate.
LDAP Server must use internally signed SLL Server certificate. The following devices prevent use of an externally signed SSL Certificate with LDAP server.

list of nodes

The LDAP sever will use an internally signed SSL certificate until blocking devices are removed (FSP's) or up-dated to latest firmware (IMMv2)

where list of nodes specifies the devices that prevent use of externally signed SSL certificates.

A user tries to use externally signed SSL certificates on devices configured to restrict their use.
Missing required options.A user tries to issue a command for the SSL configuration without entering all the required options.
Mode nist800-131a requires rsa2048sha256A user tries to generate a CA certificate using rsa2048sha1 as the signing algorithm while the cryptographic mode is set to nist800-131a.
No Cert/CSR/CA available.

where Cert/CSR/CA specifies whether the user specified a certificate, certificate signing request, or certificate authority.

A user tries to issue a command to download a nonexistent certificate, certificate signing request, or certificate authority.
No trusted_certindex available.

where index is the number of the selected trusted certificate, between 1 and 4 (inclusive).

A user tries to issue commands to a nonexistent trusted certificate.
No valid client certificate is in place. Type 'sslcfg -h' for syntax help of the SSLclient Certificate generation command.A user tries to issue a command to enable the SSL client without a valid client certificate in place.
No valid server certificate is in place. Type 'sslcfg -h' for syntax help of the SSL Server Certificate generation command.A user tries to issue a command to enable the SSL server without a valid server certificate in place.
No valid trusted certificate is in place. Type 'sslcfg -h' for syntax help of the SSL trusted Certificate importing command.A user tries to issue a command to enable the SSL client without a valid trusted certificate in place.
Reading certificate revocation list failedAn error occurs while reading the certificate revocation list.
The externally signed LDAP Client certificate doesn't exist.A user tries to import an externally signed client certificate that does not exist.
The externally signed SSL Server certificate doesn't exist.A user tries to import an externally signed server certificate that does not exist.
The following devices prevent use of an externally signed SSL Certificate with LDAP server.

list of nodes

The LDAP sever will use an internally signed SSL certificate until blocking devices are removed (FSP's) or up-dated to latest firmware (IMMv2)

where list of nodes specifies the devices that prevent use of externally signed SSL certificates.

A user tries to use externally signed SSL certificates on devices configured to restrict their use.
The imported file doesn't exist.A user tries to import a trusted certificate or certificate revocation list that does not exist.
The intermediate root ca bundle is not a valid chain of trustA user tries to import an intermediate CA bundle that is not trusted.
The LDAP Client intermediate root ca certificate bundle doesn't exist.A user tries to import an intermediate CA bundle that does not exist.
The LDAP Client intermediate root ca certificate bundle file format must be PEM or DER.A user tries to import an intermediate CA bundle of the wrong file format.
The LDAP server is now using externally signed SSL certificate as all end point devices firmware reports they can support.Advisory message indicating that all devices report support of external SSL certificates.
The SSL Server intermediate ca certificate bundle doesn't exist.A user tries to import a CA bundle that does not exist.
The SSL Server root ca certificate doesn't exist.A user tries to import a certificate that does not exist.
There was a problem downloading the fileThe user does not have the authority for downloading or an error occurs when downloading.
There was a problem retrieving the file.An error occurs while transferring the file.
Update Failed, invalid remote location specifiedThe location specified for update is not valid.
URL syntax checking failedA user tries to enter a URL that is not valid.
Viewing -crl1 failedAn error occurs while viewing certificate revocation list 1.
Viewing -crl2 failedAn error occurs while viewing certificate revocation list 2.
Viewing -crl3 failedAn error occurs while viewing certificate revocation list 3.
Viewing -tc1 failedAn error occurs while viewing trusted certificate 1.
Viewing -tc2 failedAn error occurs while viewing trusted certificate 2.
Viewing -tc3 failedAn error occurs while viewing trusted certificate 3.
Viewing CA failedAn error occurs while viewing a certificate authority.
Viewing externally signed LDAP client certificate failedAn error occurs while viewing an externally signed LDAP client certificate.
Viewing externally signed server certificate failedAn error occurs while viewing an externally signed server certificate.
Viewing intermediate CA bundle failedAn error occurs while viewing an intermediate certificate authority bundle.
Viewing internally signed server certificate failedAn error occurs while viewing an internally signed server certificate.
Writing X509 format certificate to file failed.An error occurs while the CMM is writing the X509 format certificate to File.