1# Network Security Error Codes
2
3> **NOTE**
4>
5>This topic describes only module-specific error codes. For details about universal error codes, see [Universal Error Codes](../errorcode-universal.md).
6
7## 2305001 Unspecified Error
8
9**Error Message**
10
11Unspecified error.
12
13**Description**
14
15This error code is reported if an unspecified error occurs.
16
17**Solution**
18
19Check the input parameters, captured exceptions, and debug and log information.
20
21## 2305002 Failed to Obtain the Issuer Certificate
22
23**Error Message**
24
25Unable to get issuer certificate.
26
27**Description**
28
29This error code is reported if the attempt to obtain the issuer certificate fails.
30
31**Possible Cause**
32
33The certificate chain is incomplete or an incorrect certificate is configured on the server.
34
35**Solution**
36
37Check whether the SSL/TLS connection is correctly set with a certificate path and certificate chain and whether the certificate verification is successful.
38
39## 2305003 Failed to Obtain the Certificate Revocation List
40
41**Error Message**
42
43Unable to get certificate revocation list (CRL).
44
45**Description**
46
47This error code is reported if the attempt to obtain the CRL fails.
48
49**Possible Cause**
50
51The network is faulty, the CRL server is incorrectly configured, or the CA service is unavailable.
52
53**Solution**
54
55Check the network, ensure that the CRL server URI is correct, update the CRL file, or use the Online Certificate Status Protocol (OCSP) to check the certificate status.
56
57## 2305004 Failed to Decrypt the Certificate Signature
58
59**Error Message**
60
61Unable to decrypt certificate signature.
62
63**Description**
64
65This error code is reported if the attempt to decrypt the certificate signature fails.
66
67**Possible Cause**
68
69The private key is missing or incorrect.
70
71**Solution**
72
73Check that the client has a correct private key, the private key matches the public key of the certificate, and the private key format is correct.
74
75## 2305005 Failed to Decrypt the CRL Signature
76
77**Error Message**
78
79Unable to decrypt CRL signature.
80
81**Description**
82
83This error code is reported if the attempt to decrypt the CRL signature fails.
84
85**Possible Cause**
86
87The CRL encryption algorithm is not supported by the client, or the key used to encrypt the CRL signature cannot be identified by the client.
88
89**Solution**
90
91Check that the client has a correct private key, the private key matches the public key of the CRL, and the private key format is correct.
92
93## 2305006 Failed to Decode the Issuer Public Key
94
95**Error Message**
96
97Unable to decode issuer public key.
98
99**Description**
100
101This error code is reported if the attempt to decode the public key fails.
102
103**Possible Cause**
104
105The certificate format is incorrect, or the public key data is damaged.
106
107**Solution**
108
109Check the certificate format and public key data, and regenerate the certificate.
110
111## 2305007 Failed to Sign the Certificate
112
113**Error Message**
114
115Certificate signature failure.
116
117**Description**
118
119This error code is reported if the attempt to sign the certificate fails.
120
121**Possible Cause**
122
123The certificate signature is incorrectly calculated, or the digital signature algorithm used by the certificate is not supported by the client.
124
125**Solution**
126
127Check that the signature algorithm used by the certificate is supported by the client, the signature key of the certificate matches the public key, and the signature data is correct. Alternatively, regenerate or update the certificate.
128
129## 2305008 Failed to Sign the CRL
130
131**Error Message**
132
133CRL signature failure.
134
135**Description**
136
137This error code is reported if the attempt to sign the CRL fails.
138
139**Possible Cause**
140
141The CRL signature is incorrectly calculated, or the digital signature algorithm used by the CRL is not supported by the client.
142
143**Solution**
144
145Check that the signature algorithm and signature key of the CRL are correct. Alternatively, regenerate or update the CRL.
146
147## 2305009 Invalid Certificate
148
149**Error Message**
150
151Certificate is not yet valid.
152
153**Description**
154
155This error code is reported if the certificate has not taken effect.
156
157**Possible Cause**
158
159The start date of the certificate is later than the current date.
160
161**Solution**
162
163Check the start date and end date of the certificate, and update or regenerate the certificate.
164
165## 2305010 Certificate Expired
166
167**Error Message**
168
169Certificate has expired.
170
171**Description**
172
173This error code is reported if the certificate has expired.
174
175**Possible Cause**
176
177The end date of the certificate is earlier than the current date.
178
179**Solution**
180
181Check the start date and end date of the certificate, and update or regenerate the certificate.
182
183## 2305011 Invalid CRL
184
185**Error Message**
186
187CRL is not yet valid.
188
189**Description**
190
191This error code is reported if the CRL has not taken effect.
192
193**Possible Cause**
194
195The start date of the CRL is later than the current date.
196
197**Solution**
198
199Check that the validity period of the CRL is between the specified start date and end date. Alternatively, regenerate or update the CRL.
200
201## 2305012 CRL Expired
202
203**Error Message**
204
205CRL has expired.
206
207**Description**
208
209This error code is reported if the CRL has expired.
210
211**Possible Cause**
212
213The end date of the CRL is earlier than the current date.
214
215**Solution**
216
217Update the CRL using OCSP to obtain the latest CRL file.
218
219## 2305018 Self-signed Certificate
220
221**Error Message**
222
223Self-signed certificate.
224
225**Description**
226
227This error code is reported if a self-signed certificate is used.
228
229**Possible Cause**
230
231The certificate signature is obtained through the public key of the certificate itself and is not issued by a trusted CA.
232
233**Solution**
234
235Check the certificate source, and add the self-signed certificate as a trusted CA.
236
237## 2305020 Failed to Obtain the Local Issuer Certificate
238
239**Error Message**
240
241Unable to get local issuer certificate.
242
243**Description**
244
245This error code is reported if the attempt to obtain the local issuer certificate fails.
246
247**Possible Cause**
248
249The certificate storage on the client is not one issued by a trusted CA.
250
251**Solution**
252
253Check that the client has a correct CA certificate. Update the certificate, check the network connection, and reconfigure the client.
254
255## 2305023 Certificate Revoked
256
257**Error Message**
258
259Certificate has been revoked.
260
261**Description**
262
263This error code is reported if certificate has been revoked.
264
265**Possible Cause**
266
267The certificate has expired or has been revoked, or the certificate chain is incomplete.
268
269**Solution**
270
271Check whether the certificate has been revoked. If yes, use an available certificate.
272
273## 2305024 Invalid CA
274
275**Error Message**
276
277Invalid certificate authority (CA).
278
279**Description**
280
281This error code is reported if the CA is invalid.
282
283**Possible Cause**
284
285The CA certificate has expired or has been revoked, or the certificate is not issued by a trusted CA.
286
287**Solution**
288
289Check that the certificate is available and issued by a trusted CA. If not, replace it with one issued by a trusted CA.
290
291## 2305027 Untrusted Certificate
292
293**Error Message**
294
295Certificate is untrusted.
296
297**Description**
298
299This error code is reported if the certificate is untrusted.
300
301**Possible Cause**
302
303The certificate is issued by an untrusted CA or the certificate has been revoked.
304
305**Solution**
306
307Check that the certificate is issued by a trusted CA and the signature key of the certificate matches the expected key of the client. If the certificate is issued by an untrusted CA, replace it with one issued by a trusted CA.
308
309## 2305069 Invalid Certificate Verification Context
310
311**Error Message**
312
313Invalid certificate verification context.
314
315**Description**
316
317This error code is reported if the certificate verification context is invalid.
318
319**Possible Cause**
320
321An intermediate certificate is missing in the certificate chain, the public key of the certificate does not match the private key, the signature verification of the certificate fails, or the host name does not match the certificate.
322
323**Solution**
324
325Check the certificate chain to make sure that all certificates and signatures are correct.
326