Secure Mobile Access 12.4 Administration Guide

Viewing Client Certificate Errors in the Log

If the appliance is unable to verify a certificate chain, a message such as this one appears in the system message log file:

[09/Nov/2016:21:28:14.610949 +0000] E-Class SRASSLVPN 001539 ps 10000042 Info System Auth: CRL-CERT: Cert verification status = 0, err = 20 'unable to get local issuer certificate'

This message includes an error code (in this case, 20) reporting why the certificate check failed. These error codes are described in the Client certificate error codes table.

Client certificate error codes
CodeError messageDescription
2Unable to get issuer certificateThe issuer certificate of an untrusted certificate could not be found.
7Certificate signature failureThe signature of the certificate is invalid.
9Certificate is not yet validThe certificate is not yet valid.
10Certificate has expiredThe certificate has expired.
18Self-signed certificateThe passed certificate is self-signed and cannot be found in the list of trusted certificates.
19Self-signed certificate in certificate chainThe certificate chain can be built using the untrusted certificates, but the root cannot be found locally.
20Unable to get local issuer certificateThis normally means the list of trusted certificates is not complete. This error can also occur when an intermediate certificate is used for authentication (a root certificate is required).
21Unable to verify the first certificateNo signatures could be verified because the chain contains only one certificate and is not self-signed.
22Certificate chain too longThe certificate chain length is greater than the supplied maximum depth.
23Certificate revokedThe certificate has been revoked.
24Invalid CA certificateA CA certificate is invalid. Either it is not a CA or its extensions are not consistent with the supplied purpose.

Was This Article Helpful?

Help us to improve our support portal

Techdocs Article Helpful form

Techdocs Article NOT Helpful form

  • Still can't find what you're looking for? Try our knowledge base or ask our community for more help.