Return Codes
PKI Services Manager returns the following codes to the application requesting validation services.
-
Code 0 = No errors, successful validation.
-
Codes 1-10 = Command-line errors, either with winpki or pkid.
-
Codes 11-19 = Network or protocol errors.
-
Codes 21-29 = Validation errors.
-
Codes 31-39 = Mapper errors (certificate is valid but could not be mapped).
-
Codes 41-49 = CRL or other revocation errors
| Code | Meaning |
|---|---|
| 0 | No errors |
| 1 | General error, unknown cause |
| 2 | Syntax error with the command, improper arguments |
| 3 | PKI Services Manager is already running |
| 4 | Error in the configuration file |
| 5 | Timeout occurred while executing the command |
| 6 | Network error (for example, cannot connect to PKI Services Manager) |
| 7 | Access denied, user does not have permission to run the command |
| 8 | System error. This is an internal error. Re-run with –d switch to see what happened |
| 9 | Migration or initialization failed. See migration error log |
| 11 | Unknown command was requested by the calling application |
| 12 | An exception was thrown by PKI Services Manager. For more information, see the PKI Services Manager event log |
| 13 | Syntax error with the command or packet sent to PKI Services Manager |
| 14 | Command was ignored (not currently used, internal error) |
| 15 | Processing error. The certificate sent to PKI Services Manager is not encoded correctly |
| 16 | Command failed (commands are: stop, reload, reconfigure) |
| 17 | Signature mismatch. Sender did not sign with a matching key |
| 18 | Format error. The ASN protocol was not properly formatted |
| 19 | PKI Services Manager is in FIPS mode and the certificate is not valid in that mode |
| 21 | Certificate is invalid (expired, not signed, bad key, etc.) |
| 22 | No path. The issuing certificate could not be located |
| 23 | Certificate is revoked |
| 24 | No trust anchor. The path did not terminate to a known trust anchor |
| 25 | Other validation error. Policy or other constraints failed |
| 26 | Path length to the end certificate exceeded the CA path length constraint |
| 27 | Certificate policy is invalid or does not match assertions in effect |
| 28 | Invalid certificate signature |
| 29 | Unknown critical extension was encountered in a certificate or CRL |
| 31 | Identity requested did not match allowed identities |
| 32 | No identities are allowed for this certificate (no maps exist that match) |
| 33 | Calling application did not send an identity for matching (client-side error) |
| 34 | Certificate is valid, but requested WhoAmI processing |
| 41 | Unknown CRL processing error |
| 42 | No base for a delta CRL |
| 43 | CRL has expired |
| 44 | Cannot verify signature or it is bad |
| 45 | Unknown CRL extension that is marked critical |
| 46 | Mismatch of IDP field in CRL |
| 47 | No CRL available |