1# Network Security Error Codes 2 3> **NOTE** 4> 5>This topic describes only module-specific error codes. For details about universal error codes, see [Universal Error Codes](../errorcode-universal.md). 6 7## 2305001 Unspecified Error 8 9**Error Message** 10 11Unspecified error. 12 13**Description** 14 15This error code is reported if an unspecified error occurs. 16 17**Solution** 18 19Check the input parameters, captured exceptions, and debug and log information. 20 21## 2305002 Failed to Obtain the Issuer Certificate 22 23**Error Message** 24 25Unable to get issuer certificate. 26 27**Description** 28 29This error code is reported if the attempt to obtain the issuer certificate fails. 30 31**Possible Cause** 32 33The certificate chain is incomplete or an incorrect certificate is configured on the server. 34 35**Solution** 36 37Check whether the SSL/TLS connection is correctly set with a certificate path and certificate chain and whether the certificate verification is successful. 38 39## 2305003 Failed to Obtain the Certificate Revocation List 40 41**Error Message** 42 43Unable to get certificate revocation list (CRL). 44 45**Description** 46 47This error code is reported if the attempt to obtain the CRL fails. 48 49**Possible Cause** 50 51The network is faulty, the CRL server is incorrectly configured, or the CA service is unavailable. 52 53**Solution** 54 55Check the network, ensure that the CRL server URI is correct, update the CRL file, or use the Online Certificate Status Protocol (OCSP) to check the certificate status. 56 57## 2305004 Failed to Decrypt the Certificate Signature 58 59**Error Message** 60 61Unable to decrypt certificate signature. 62 63**Description** 64 65This error code is reported if the attempt to decrypt the certificate signature fails. 66 67**Possible Cause** 68 69The private key is missing or incorrect. 70 71**Solution** 72 73Check that the client has a correct private key, the private key matches the public key of the certificate, and the private key format is correct. 74 75## 2305005 Failed to Decrypt the CRL Signature 76 77**Error Message** 78 79Unable to decrypt CRL signature. 80 81**Description** 82 83This error code is reported if the attempt to decrypt the CRL signature fails. 84 85**Possible Cause** 86 87The CRL encryption algorithm is not supported by the client, or the key used to encrypt the CRL signature cannot be identified by the client. 88 89**Solution** 90 91Check that the client has a correct private key, the private key matches the public key of the CRL, and the private key format is correct. 92 93## 2305006 Failed to Decode the Issuer Public Key 94 95**Error Message** 96 97Unable to decode issuer public key. 98 99**Description** 100 101This error code is reported if the attempt to decode the public key fails. 102 103**Possible Cause** 104 105The certificate format is incorrect, or the public key data is damaged. 106 107**Solution** 108 109Check the certificate format and public key data, and regenerate the certificate. 110 111## 2305007 Failed to Sign the Certificate 112 113**Error Message** 114 115Certificate signature failure. 116 117**Description** 118 119This error code is reported if the attempt to sign the certificate fails. 120 121**Possible Cause** 122 123The certificate signature is incorrectly calculated, or the digital signature algorithm used by the certificate is not supported by the client. 124 125**Solution** 126 127Check that the signature algorithm used by the certificate is supported by the client, the signature key of the certificate matches the public key, and the signature data is correct. Alternatively, regenerate or update the certificate. 128 129## 2305008 Failed to Sign the CRL 130 131**Error Message** 132 133CRL signature failure. 134 135**Description** 136 137This error code is reported if the attempt to sign the CRL fails. 138 139**Possible Cause** 140 141The CRL signature is incorrectly calculated, or the digital signature algorithm used by the CRL is not supported by the client. 142 143**Solution** 144 145Check that the signature algorithm and signature key of the CRL are correct. Alternatively, regenerate or update the CRL. 146 147## 2305009 Invalid Certificate 148 149**Error Message** 150 151Certificate is not yet valid. 152 153**Description** 154 155This error code is reported if the certificate has not taken effect. 156 157**Possible Cause** 158 159The start date of the certificate is later than the current date. 160 161**Solution** 162 163Check the start date and end date of the certificate, and update or regenerate the certificate. 164 165## 2305010 Certificate Expired 166 167**Error Message** 168 169Certificate has expired. 170 171**Description** 172 173This error code is reported if the certificate has expired. 174 175**Possible Cause** 176 177The end date of the certificate is earlier than the current date. 178 179**Solution** 180 181Check the start date and end date of the certificate, and update or regenerate the certificate. 182 183## 2305011 Invalid CRL 184 185**Error Message** 186 187CRL is not yet valid. 188 189**Description** 190 191This error code is reported if the CRL has not taken effect. 192 193**Possible Cause** 194 195The start date of the CRL is later than the current date. 196 197**Solution** 198 199Check that the validity period of the CRL is between the specified start date and end date. Alternatively, regenerate or update the CRL. 200 201## 2305012 CRL Expired 202 203**Error Message** 204 205CRL has expired. 206 207**Description** 208 209This error code is reported if the CRL has expired. 210 211**Possible Cause** 212 213The end date of the CRL is earlier than the current date. 214 215**Solution** 216 217Update the CRL using OCSP to obtain the latest CRL file. 218 219## 2305018 Self-signed Certificate 220 221**Error Message** 222 223Self-signed certificate. 224 225**Description** 226 227This error code is reported if a self-signed certificate is used. 228 229**Possible Cause** 230 231The certificate signature is obtained through the public key of the certificate itself and is not issued by a trusted CA. 232 233**Solution** 234 235Check the certificate source, and add the self-signed certificate as a trusted CA. 236 237## 2305020 Failed to Obtain the Local Issuer Certificate 238 239**Error Message** 240 241Unable to get local issuer certificate. 242 243**Description** 244 245This error code is reported if the attempt to obtain the local issuer certificate fails. 246 247**Possible Cause** 248 249The certificate storage on the client is not one issued by a trusted CA. 250 251**Solution** 252 253Check that the client has a correct CA certificate. Update the certificate, check the network connection, and reconfigure the client. 254 255## 2305023 Certificate Revoked 256 257**Error Message** 258 259Certificate has been revoked. 260 261**Description** 262 263This error code is reported if certificate has been revoked. 264 265**Possible Cause** 266 267The certificate has expired or has been revoked, or the certificate chain is incomplete. 268 269**Solution** 270 271Check whether the certificate has been revoked. If yes, use an available certificate. 272 273## 2305024 Invalid CA 274 275**Error Message** 276 277Invalid certificate authority (CA). 278 279**Description** 280 281This error code is reported if the CA is invalid. 282 283**Possible Cause** 284 285The CA certificate has expired or has been revoked, or the certificate is not issued by a trusted CA. 286 287**Solution** 288 289Check that the certificate is available and issued by a trusted CA. If not, replace it with one issued by a trusted CA. 290 291## 2305027 Untrusted Certificate 292 293**Error Message** 294 295Certificate is untrusted. 296 297**Description** 298 299This error code is reported if the certificate is untrusted. 300 301**Possible Cause** 302 303The certificate is issued by an untrusted CA or the certificate has been revoked. 304 305**Solution** 306 307Check that the certificate is issued by a trusted CA and the signature key of the certificate matches the expected key of the client. If the certificate is issued by an untrusted CA, replace it with one issued by a trusted CA. 308 309## 2305069 Invalid Certificate Verification Context 310 311**Error Message** 312 313Invalid certificate verification context. 314 315**Description** 316 317This error code is reported if the certificate verification context is invalid. 318 319**Possible Cause** 320 321An intermediate certificate is missing in the certificate chain, the public key of the certificate does not match the private key, the signature verification of the certificate fails, or the host name does not match the certificate. 322 323**Solution** 324 325Check the certificate chain to make sure that all certificates and signatures are correct. 326