I've tried the tip in the Firefox help page (delete the 'cert8.db' file), but the problem persists. (I couldn't even get to the Firefox help pages within Firefox, had to use Chrome to get here!) The error message implies it's a problem with the secure web sites themselves, but that can't be right, as I can easily open them with several other browsers. The Firefox help page gives several examples of error messages of the type 'sec_error_......', but not the specific one I get: 'sec_error_ocsp_old_response'.
Error code: SECERROROCSPOLDRESPONSE This surprises you, because you have previously expressed your trust in the CAcert (CA Cert Signing Authority) root certificate. Today, however, you are still not getting access. This has to do with an update from Firefox, which changes a default setting. The OCSP response contains out-of-date information. (Error code: secerrorocspoldresponse) The page you are trying to view can not be shown because the authenticity of the received data could not be verified. Please contact the web site owners to inform them of this problem. How can I contact the site owners if I can't go to the site?
I'm running Windows 8.1, and have tried uninstalling then re-installing Firefox, to no avail.
Thanks for any advice!
You are currently viewing a snapshot of www.mozilla.org taken on April 21, 2008. Most of this content ishighly out of date (some pages haven't been updated since the project began in 1998) and exists for historical purposes only. Ifthere are any pages on this archive site that you think should be added back to www.mozilla.org, please file a bug.
- Coding
- Testing
- Tools
Chapter 8
NSS and SSL Error Codes
NSS error codes are retrieved using theNSPR function PR_GetError.In addition to the error codes defined by NSPR, Sec_error_ocsp_old_response خطای
PR_GetErrorretrieves the error codes described in this chapter.SSL Error CodesSec_error_ocsp_old_response Linux
SEC Error CodesSSL Error Codes
Table 8.1 Error codes defined in sslerr.hConstant | Value | Description |
---|---|---|
SSL_ERROR_EXPORT_ONLY_SERVER | -12288 | 'Unableto communicate securely. Peer does not support high-grade encryption.' The local system was configured tosupport the cipher suites permitted for domestic use. The remote systemwas configured to support only the cipher suites permitted for exportuse. |
SSL_ERROR_US_ONLY_SERVER | -12287 | 'Unableto communicate securely. Peer requires high-grade encryption which isnot supported.' The remote system was configuredto support the cipher suites permitted for domestic use. The localsystem was configured to support only the cipher suites permitted forexport use. |
SSL_ERROR_NO_CYPHER_OVERLAP | -12286 | 'Cannotcommunicate securely with peer: no common encryption algorithm(s).' The local and remote systems shareno cipher suites in common. This can be due to a misconfiguration ateither end. It can be due to a server being misconfigured to use anon-RSA certificate with the RSA key exchange algorithm. |
SSL_ERROR_NO_CERTIFICATE | -12285 | 'Unableto find the certificate or key necessary for authentication.' This error has many potentialcauses; for example: Certificate or key not found in database. Certificate not marked trusted indatabase and Certificate's issuer not marked trusted in database. Wrong password for keydatabase. Missing database. |
SSL_ERROR_BAD_CERTIFICATE | -12284 | 'Unableto communicate securely with peer: peers's certificate wasrejected.' A certificate was received fromthe remote system and was passed to the certificate authenticationcallback function provided by the local application. That callbackfunction returned SECFailure, and the bad certificate callbackfunction either was not configured or did not choose to override theerror code returned by the certificate authentication callback function. |
-12283 | (unused) | |
SSL_ERROR_BAD_CLIENT | -12282 | 'Theserver has encountered bad data from the client.' This error code should occur onlyon sockets that are acting as servers. It is a generic error, used whennone of the other more specific error codes defined in this file applies. |
SSL_ERROR_BAD_SERVER | -12281 | 'Theclient has encountered bad data from the server.' This error code should occur onlyon sockets that are acting as clients. It is a generic error, used whennone of the other more specific error codes defined in this file applies. |
SSL_ERROR_UNSUPPORTED_CERTIFICATE_TYPE | -12280 | 'Unsupportedcertificate type.' The operation encountered acertificate that was not one of the well known certificate types handledby the certificate library. |
SSL_ERROR_UNSUPPORTED_VERSION | -12279 | 'Peerusing unsupported version of security protocol.' On a client socket, this means theremote server has attempted to negotiate the use of a version of SSLthat is not supported by the NSS library, probably an invalid versionnumber. On a server socket, this means the remote client has requestedthe use of a version of SSL older than version 2. |
-12278 | (unused) | |
-12277 | 'Client authenticationfailed: private key in key database does not correspond to public key incertificate database.' | |
SSL_ERROR_BAD_CERT_DOMAIN | -12276 | 'Unableto communicate securely with peer: requested domain name does not matchthe server's certificate.' This error code should be returnedby the certificate authentication callback function when it detects thatthe Common Name in the remote server's certificate does not match thehostname sought by the local client, according to the matching rulesspecified for CERT_VerifyCertName. |
-12275 | (unused) | |
SSL_ERROR_SSL2_DISABLED | -12274 | 'Peeronly supports SSL version 2, which is locally disabled.' The remote server has asked to useSSL version 2, and SSL version 2 is disabled in the local client'sconfiguration. |
SSL_ERROR_BAD_MAC_READ | -12273 | 'SSLreceived a record with an incorrect Message Authentication Code.' This usually indicates that theclient and server have failed to come to agreement on the set of keysused to encrypt the application data and to check message integrity. Ifthis occurs frequently on a server, an active attack (such as the'million question' attack) may be underway against the server. |
SSL_ERROR_BAD_MAC_ALERT | -12272 | 'SSLpeer reports incorrect Message Authentication Code.' The remote system has reportedthat it received a message with a bad Message Authentication Code fromthe local system. This may indicate that an attack on that server isunderway. |
SSL_ERROR_BAD_CERT_ALERT | -12271 | 'SSLpeer cannot verify your certificate.' The remote system has received acertificate from the local system, and has rejected it for some reason. |
SSL_ERROR_REVOKED_CERT_ALERT | -12270 | 'SSLpeer rejected your certificate as revoked.' The remote system has received acertificate from the local system, and has determined that thecertificate has been revoked. |
SSL_ERROR_EXPIRED_CERT_ALERT | -12269 | 'SSLpeer rejected your certificate as expired.' The remote system has received acertificate from the local system, and has determined that thecertificate has expired. |
SSL_ERROR_SSL_DISABLED | -12268 | 'Cannotconnect: SSL is disabled.' The local socket is configured insuch a way that it cannot use any of the SSL cipher suites. Possiblecauses include: (a) both SSL2 and SSL3 are disabled, (b) All theindividual SSL cipher suites are disabled, or (c) the socket isconfigured to handshake as a server, but the certificate associated withthat socket is inappropriate for the Key Exchange Algorithm selected. |
SSL_ERROR_FORTEZZA_PQG | -12267 | 'Cannotconnect: SSL peer is in another FORTEZZA domain.' The local system and the remotesystem are in different FORTEZZA domains. They must be in the samedomain to communicate. |
SSL_ERROR_UNKNOWN_CIPHER_SUITE | -12266 | 'Anunknown SSL cipher suite has been requested.' The application has attempted toconfigure SSL to use an unknown cipher suite. |
SSL_ERROR_NO_CIPHERS_SUPPORTED | -12265 | 'Nocipher suites are present and enabled in this program.' Possible causes: (a) all ciphersuites have been configured to be disabled, (b) the only cipher suitesthat are configured to be enabled are those that are disallowed bycipher export policy, (c) the socket is configured to handshake as aserver, but the certificate associated with that socket is inappropriatefor the Key Exchange Algorithm selected. |
SSL_ERROR_BAD_BLOCK_PADDING | -12264 | 'SSLreceived a record with bad block padding.' SSL was using a Block cipher, andthe last block in an SSL record had incorrect padding information in it.This usually indicates that the client and server have failed to cometo agreement on the set of keys used to encrypt the application dataand to check message integrity. If this occurs frequently on a server,an active attack (such as the 'million question' attack) may beunderway against the server. |
SSL_ERROR_RX_RECORD_TOO_LONG | -12263 | 'SSLreceived a record that exceeded the maximum permissible length.' This generally indicates that theremote peer system has a flawed implementation of SSL, and is violatingthe SSL specification. |
SSL_ERROR_TX_RECORD_TOO_LONG | -12262 | 'SSLattempted to send a record that exceeded the maximum permissiblelength.' This error should never occur. Ifit does, it indicates a flaw in the NSS SSL library. |
SSL_ERROR_CLOSE_NOTIFY_ALERT | -12230 | 'SSLpeer has closed this connection.' The local socket received an SSL3alert record from the remote peer, reporting that the remote peer haschosen to end the connection. The receipt of this alert is an error onlyif it occurs while a handshake is in progress. |
SSL_ERROR_PUB_KEY_SIZE_LIMIT_EXCEEDED | -12210 | 'SSLServer attempted to use domestic-grade public key with export ciphersuite.' On a client socket, this errorreports that the remote server has failed to perform an 'SSL Step down'for an export cipher. It has sent a certificate bearing a domestic-gradepublic key, but has not sent a ServerKeyExchange message containing anexport-grade public key for the key exchange algorithm. Such aconnection cannot be permitted without violating U.S. export policies.On a server socket, this indicates a failure of the local library. |
SSL_ERROR_NO_SERVER_KEY_FOR_ALG | -12206 | 'Serverhas no key for the attempted key exchange algorithm.' An SSL client has requested an SSLcipher suite that uses a Key Exchange Algorithm for which the localserver has no appropriate public key. This indicates a configurationerror on the local server. |
SSL_ERROR_TOKEN_INSERTION_REMOVAL | -12205 | 'PKCS#11 token was inserted or removed while operation was inprogress.' A cryptographic operation requiredto complete the handshake failed because the token that was performingit was removed while the handshake was underway. Another token may alsohave been inserted into the same slot. |
SSL_ERROR_TOKEN_SLOT_NOT_FOUND | -12204 | 'NoPKCS#11 token could be found to do a required operation.' A cryptographic operation requireda PKCS#11 token with specific abilities, and no token could be found inany slot, including the 'soft token' in the internal virtual slot, thatcould do the job. May indicate a server configuration error, such ashaving a certificate that is inappropriate for the Key ExchangeAlgorithm selected. |
-12203 | 'Cannot communicatesecurely with peer: no common compression algorithm(s).' | |
-12202 | 'Cannot initiate anotherSSL handshake until current handshake is complete.' | |
-12201 | 'Received incorrecthandshakes hash values from peer.' | |
-12200 | 'The certificate providedcannot be used with the selected key exchange algorithm.' | |
-12199 | 'No certificate authorityis trusted for SSL client authentication.' | |
-12198 | 'Client's SSL session IDnot found in server's session cache.' | |
Received a malformed (too longor short or invalid content) SSL handshake: All the error codes in thefollowing block indicate that the local socket received an improperlyformatted SSL3 handshake message from the remote peer. This probablyindicates a flaw in the remote peer's implementation. | ||
SSL_ERROR_RX_MALFORMED_HELLO_REQUEST | -12261 | 'SSLreceived a malformed Hello Request handshake message.' |
SSL_ERROR_RX_MALFORMED_CLIENT_HELLO | -12260 | 'SSLreceived a malformed Client Hello handshake message.' |
SSL_ERROR_RX_MALFORMED_SERVER_HELLO | -12259 | 'SSLreceived a malformed Server Hello handshake message.' |
SSL_ERROR_RX_MALFORMED_CERTIFICATE | -12258 | 'SSLreceived a malformed Certificate handshake message.' |
SSL_ERROR_RX_MALFORMED_SERVER_KEY_EXCH | -12257 | 'SSLreceived a malformed Server Key Exchange handshake message.' |
SSL_ERROR_RX_MALFORMED_CERT_REQUEST | -12256 | 'SSLreceived a malformed Certificate Request handshake message.' |
SSL_ERROR_RX_MALFORMED_HELLO_DONE | -12255 | 'SSLreceived a malformed Server Hello Done handshake message.' |
SSL_ERROR_RX_MALFORMED_CERT_VERIFY | -12254 | 'SSLreceived a malformed Certificate Verify handshake message.' |
SSL_ERROR_RX_MALFORMED_CLIENT_KEY_EXCH | -12253 | 'SSLreceived a malformed Client Key Exchange handshake message.' |
SSL_ERROR_RX_MALFORMED_FINISHED | -12252 | 'SSLreceived a malformed Finished handshake message.' |
Received a malformed (too longor short) SSL record: All the error codes in thefollowing block indicate that the local socket received an improperlyformatted SSL3 record from the remote peer. This probably indicates aflaw in the remote peer's implementation. | ||
SSL_ERROR_RX_MALFORMED_CHANGE_CIPHER | -12251 | 'SSLreceived a malformed Change Cipher Spec record.' |
SSL_ERROR_RX_MALFORMED_ALERT | -12250 | 'SSLreceived a malformed Alert record.' |
SSL_ERROR_RX_MALFORMED_HANDSHAKE | -12249 | 'SSLreceived a malformed Handshake record.' |
SSL_ERROR_RX_MALFORMED_APPLICATION_DATA | -12248 | 'SSLreceived a malformed Application Data record.' |
Received an SSL handshake thatwas inappropriate for the current state: All the error codes in thefollowing block indicate that the local socket received an SSL3handshake message from the remote peer at a time when it wasinappropriate for the peer to have sent this message. For example, aserver received a message from another server. This probably indicates aflaw in the remote peer's implementation. | ||
SSL_ERROR_RX_UNEXPECTED_HELLO_REQUEST | -12247 | 'SSLreceived an unexpected Hello Request handshake message.' |
SSL_ERROR_RX_UNEXPECTED_CLIENT_HELLO | -12246 | 'SSLreceived an unexpected Client Hello handshake message.' |
SSL_ERROR_RX_UNEXPECTED_SERVER_HELLO | -12245 | 'SSLreceived an unexpected Server Hello handshake message.' |
SSL_ERROR_RX_UNEXPECTED_CERTIFICATE | -12244 | 'SSLreceived an unexpected Certificate handshake message.' |
SSL_ERROR_RX_UNEXPECTED_SERVER_KEY_EXCH | -12243 | 'SSLreceived an unexpected Server Key Exchange handshake message.' |
SSL_ERROR_RX_UNEXPECTED_CERT_REQUEST | -12242 | 'SSLreceived an unexpected Certificate Request handshake message.' |
SSL_ERROR_RX_UNEXPECTED_HELLO_DONE | -12241 | 'SSLreceived an unexpected Server Hello Done handshake message.' |
SSL_ERROR_RX_UNEXPECTED_CERT_VERIFY | -12240 | 'SSLreceived an unexpected Certificate Verify handshake message.' |
SSL_ERROR_RX_UNEXPECTED_CLIENT_KEY_EXCH | -12239 | 'SSLreceived an unexpected Client Key Exchange handshake message.' |
SSL_ERROR_RX_UNEXPECTED_FINISHED | -12238 | 'SSLreceived an unexpected Finished handshake message.' |
Received an SSL record that wasinappropriate for the current state: All the error codes in thefollowing block indicate that the local socket received an SSL3 recordfrom the remote peer at a time when it was inappropriate for the peer tohave sent this message. This probably indicates a flaw in the remotepeer's implementation. | ||
SSL_ERROR_RX_UNEXPECTED_CHANGE_CIPHER | -12237 | 'SSLreceived an unexpected Change Cipher Spec record.' |
SSL_ERROR_RX_UNEXPECTED_ALERT | -12236 | 'SSLreceived an unexpected Alert record.' |
SSL_ERROR_RX_UNEXPECTED_HANDSHAKE | -12235 | 'SSLreceived an unexpected Handshake record.' |
SSL_ERROR_RX_UNEXPECTED_APPLICATION_DATA | -12234 | 'SSLreceived an unexpected Application Data record.' |
Received record/message withunknown discriminant: All the error codes in thefollowing block indicate that the local socket received an SSL3 recordor handshake message from the remote peer that it was unable tointerpret because the byte that identifies the type of record or messagecontained an unrecognized value. This probably indicates a flaw in theremote peer's implementation. | ||
SSL_ERROR_RX_UNKNOWN_RECORD_TYPE | -12233 | 'SSLreceived a record with an unknown content type.' |
SSL_ERROR_RX_UNKNOWN_HANDSHAKE | -12232 | 'SSLreceived a handshake message with an unknown message type.' |
SSL_ERROR_RX_UNKNOWN_ALERT | -12231 | 'SSLreceived an alert record with an unknown alert description.' |
Received an alert report: All the error codes in thefollowing block indicate that the local socket received an SSL3 or TLSalert record from the remote peer, reporting some issue that it had withan SSL record or handshake message it received. (Some _Alertcodes are listed in other blocks.) | ||
SSL_ERROR_HANDSHAKE_UNEXPECTED_ALERT | -12229 | 'SSLpeer was not expecting a handshake message it received.' |
SSL_ERROR_DECOMPRESSION_FAILURE_ALERT | -12228 | 'SSL peer was unable to successfully decompress an SSL record it received.' |
SSL_ERROR_HANDSHAKE_FAILURE_ALERT | -12227 | 'SSLpeer was unable to negotiate an acceptable set of security parameters.' |
SSL_ERROR_ILLEGAL_PARAMETER_ALERT | -12226 | 'SSLpeer rejected a handshake message for unacceptable content.' |
SSL_ERROR_UNSUPPORTED_CERT_ALERT | -12225 | 'SSLpeer does not support certificates of the type it received.' |
SSL_ERROR_CERTIFICATE_UNKNOWN_ALERT | -12224 | 'SSLpeer had some unspecified issue with the certificate it received.' |
SSL_ERROR_DECRYPTION_FAILED_ALERT | -12197 | 'Peer was unable to decrypt an SSL record it received.' |
SSL_ERROR_RECORD_OVERFLOW_ALERT | -12196 | 'Peer received an SSL record that was longer than is permitted.' |
SSL_ERROR_UNKNOWN_CA_ALERT | -12195 | 'Peer does not recognize and trust the CA that issued your certificate.' |
SSL_ERROR_ACCESS_DENIED_ALERT | -12194 | 'Peer received a valid certificate, but access was denied.' |
SSL_ERROR_DECODE_ERROR_ALERT | -12193 | 'Peer could not decode an SSL handshake message.' |
SSL_ERROR_DECRYPT_ERROR_ALERT | -12192 | 'Peer reports failure of signature verification or key exchange.' |
SSL_ERROR_EXPORT_RESTRICTION_ALERT | -12191 | 'Peer reports negotiation not in compliance with export regulations.' |
SSL_ERROR_PROTOCOL_VERSION_ALERT | -12190 | 'Peer reports incompatible or unsupported protocol version.' |
SSL_ERROR_INSUFFICIENT_SECURITY_ALERT | -12189 | 'Server requires ciphers more secure than those supported by client.' |
SSL_ERROR_INTERNAL_ERROR_ALERT | -12188 | 'Peer reports it experienced an internal error.' |
SSL_ERROR_USER_CANCELED_ALERT | -12187 | 'Peer user canceled handshake.' |
-12186 | 'Peer does not permitrenegotiation of SSL security parameters.' | |
Unspecified errors thatoccurred while attempting some operation: All the error codes in thefollowing block describe the operation that was being attempted at thetime of the unspecified failure. These failures may be caused by thesystem running out of memory, or errors returned by PKCS#11 routinesthat did not provide meaningful error codes of their own. These shouldrarely be seen. (Certain of these error codes have more specificmeanings, as described.) | ||
SSL_ERROR_GENERATE_RANDOM_FAILURE | -12223 | 'SSLexperienced a failure of its random number generator.' |
SSL_ERROR_SIGN_HASHES_FAILURE | -12222 | 'Unableto digitally sign data required to verify your certificate.' |
SSL_ERROR_EXTRACT_PUBLIC_KEY_FAILURE | -12221 | 'SSLwas unable to extract the public key from the peer's certificate.' |
SSL_ERROR_SERVER_KEY_EXCHANGE_FAILURE | -12220 | 'Unspecifiedfailure while processing SSL Server Key Exchange handshake.' |
SSL_ERROR_CLIENT_KEY_EXCHANGE_FAILURE | -12219 | 'Unspecifiedfailure while processing SSL Client Key Exchange handshake.' |
SSL_ERROR_ENCRYPTION_FAILURE | -12218 | 'Bulkdata encryption algorithm failed in selected cipher suite.' |
SSL_ERROR_DECRYPTION_FAILURE | -12217 | 'Bulkdata decryption algorithm failed in selected cipher suite.' |
SSL_ERROR_MD5_DIGEST_FAILURE | -12215 | 'MD5digest function failed.' |
SSL_ERROR_SHA_DIGEST_FAILURE | -12214 | 'SHA-1digest function failed.' |
SSL_ERROR_MAC_COMPUTATION_FAILURE | -12213 | 'MessageAuthentication Code computation failed.' |
SSL_ERROR_SYM_KEY_CONTEXT_FAILURE | -12212 | 'Failureto create Symmetric Key context.' |
SSL_ERROR_SYM_KEY_UNWRAP_FAILURE | -12211 | 'Failureto unwrap the Symmetric key in Client Key Exchange message.' |
SSL_ERROR_IV_PARAM_FAILURE | -12209 | 'PKCS11code failed to translate an IV into a param.' |
SSL_ERROR_INIT_CIPHER_SUITE_FAILURE | -12208 | 'Failedto initialize the selected cipher suite.' |
SSL_ERROR_SOCKET_WRITE_FAILURE | -12216 | 'Attemptto write encrypted data to underlying socket failed.' After the data to be sent wasencrypted, the attempt to send it out the socket failed. Likely causesinclude that the peer has closed the connection. |
SSL_ERROR_SESSION_KEY_GEN_FAILURE | -12207 | 'Failedto generate session keys for SSL session.' On a client socket, indicates afailure of the PKCS11 key generation function. On a server socket,indicates a failure of one of the following: (a) to unwrap thepre-master secret from the ClientKeyExchange message, (b) to derive themaster secret from the premaster secret, (c) to derive the MAC secrets,cryptographic keys, and initialization vectors from the master secret.If encountered repeatedly on a server socket, this can indicate that theserver is actively under a 'million question' attack. |
Ocsp Error On Server Certificate
SEC Error Codes
Table 8.2 Security error codesdefined in secerr.hConstant | Value | Description |
---|---|---|
-8192 | AnI/O error occurred during authentication; or an error occurred during crypto operation (other than signature verification). | |
-8191 | Securitylibrary failure. | |
-8190 | Securitylibrary: received bad data. | |
-8189 | Securitylibrary: output length error. | |
-8188 | Securitylibrary: input length error. | |
-8187 | Securitylibrary: invalid arguments. | |
-8186 | Securitylibrary: invalid algorithm. | |
-8185 | Securitylibrary: invalid AVA. | |
-8184 | Securitylibrary: invalid time. | |
-8183 | Securitylibrary: improperly formatted DER-encoded message. | |
-8182 | Peer'scertificate has an invalid signature. | |
-8181 | Peer'scertificate has expired. | |
-8180 | Peer'scertificate has been revoked. | |
-8179 | Peer'scertificate issuer is not recognized. | |
-8178 | Peer'spublic key is invalid | |
-8177 | Thepassword entered is incorrect. | |
-8176 | Newpassword entered incorrectly. | |
-8175 | Securitylibrary: no nodelock. | |
-8174 | Securitylibrary: bad database. | |
-8173 | Securitylibrary: memory allocation failure. | |
-8172 | Peer'scertificate issuer has been marked as not trusted by the user. | |
-8171 | Peer'scertificate has been marked as not trusted by the user. | |
-8170 | Certificatealready exists in your database. | |
-8169 | Downloadedcertificate's name duplicates one already in your database. | |
-8168 | Erroradding certificate to database. | |
-8167 | Errorrefiling the key for this certificate. | |
-8166 | Theprivate key for this certificate cannot be found in key database. | |
-8165 | Thiscertificate is valid. | |
-8164 | Thiscertificate is not valid. | |
-8163 | Certificatelibrary: no response. | |
-8162 | Thecertificate issuer's certificate has expired. | |
-8161 | TheCRL for the certificate's issuer has expired. | |
-8160 | TheCRL for the certificate's issuer has an invalid signature. | |
-8159 | NewCRL has an invalid format. | |
-8158 | Certificateextension value is invalid. | |
-8157 | Certificateextension not found. | |
-8156 | Issuercertificate is invalid. | |
-8155 | Certificatepath length constraint is invalid. | |
-8154 | Certificateusages field is invalid. | |
-8153 | Internal-onlymodule. | |
-8152 | Thekey does not support the requested operation. | |
-8151 | Certificatecontains unknown critical extension. | |
-8150 | NewCRL is not later than the current one. | |
-8149 | Notencrypted or signed: you do not yet have an email certificate. | |
-8148 | Notencrypted: you do not have certificates for each of the recipients. | |
-8147 | Cannotdecrypt: you are not a recipient, or matching certificate and privatekey not found. | |
-8146 | Cannotdecrypt: key encryption algorithm does not match your certificate. | |
-8145 | Signatureverification failed: no signer found, too many signers found, or improper or corrupted data. | |
-8144 | Unsupportedor unknown key algorithm. | |
-8143 | Cannotdecrypt: encrypted using a disallowed algorithm or key size. | |
-8142 | FORTEZZAcard has not been properly initialized. | |
-8141 | NoFORTEZZA cards found. | |
-8140 | NoFORTEZZA card selected. | |
-8139 | Pleaseselect a personality to get more info on. | |
-8138 | Personalitynot found | |
-8137 | Nomore information on that personality. | |
-8136 | InvalidPIN. | |
-8135 | Couldn'tinitialize FORTEZZA personalities. | |
-8134 | NoKRL for this site's certificate has been found. | |
-8133 | TheKRL for this site's certificate has expired. | |
-8132 | TheKRL for this site's certificate has an invalid signature. | |
-8131 | Thekey for this site's certificate has been revoked. | |
-8130 | NewKRL has an invalid format. | |
-8129 | Securitylibrary: need random data. | |
-8128 | Securitylibrary: no security module can perform the requested operation. | |
-8127 | Thesecurity card or token does not exist, needs to be initialized, or hasbeen removed. | |
-8126 | Securitylibrary: read-only database. | |
-8125 | Noslot or token was selected. | |
-8124 | Acertificate with the same nickname already exists. | |
-8123 | Akey with the same nickname already exists. | |
-8122 | Errorwhile creating safe object. | |
-8121 | Errorwhile creating baggage object. | |
-8120 | Couldn'tremove the principal. | |
-8119 | Couldn'tdelete the privilege | |
-8118 | Thisprincipal doesn't have a certificate. | |
-8117 | Requiredalgorithm is not allowed. | |
-8116 | Errorattempting to export certificates. | |
-8115 | Errorattempting to import certificates. | |
-8114 | Unableto import. Decoding error. File not valid. | |
-8113 | Unableto import. Invalid MAC. Incorrect password or corrupt file. | |
-8112 | Unableto import. MAC algorithm not supported. | |
-8111 | Unableto import. Only password integrity and privacy modes supported. | |
-8110 | Unableto import. File structure is corrupt. | |
-8109 | Unableto import. Encryption algorithm not supported. | |
-8108 | Unableto import. File version not supported. | |
-8107 | Unableto import. Incorrect privacy password. | |
-8106 | Unableto import. Same nickname already exists in database. | |
-8105 | Theuser clicked cancel. | |
-8104 | Notimported, already in database. | |
-8103 | Messagenot sent. | |
-8102 | Certificatekey usage inadequate for attempted operation. | |
-8101 | Certificatetype not approved for application. | |
-8100 | Addressin signing certificate does not match address in message headers. | |
-8099 | Unableto import. Error attempting to import private key. | |
-8098 | Unableto import. Error attempting to import certificate chain. | |
-8097 | Unableto export. Unable to locate certificate or key by nickname. | |
-8096 | Unableto export. Private key could not be located and exported. | |
-8095 | Unableto export. Unable to write the export file. | |
-8094 | Unableto import. Unable to read the import file. | |
-8093 | Unableto export. Key database corrupt or deleted. | |
-8092 | Unableto generate public-private key pair. | |
-8091 | Passwordentered is invalid. | |
-8090 | Oldpassword entered incorrectly. | |
-8089 | Certificatenickname already in use. | |
-8088 | PeerFORTEZZA chain has a non-FORTEZZA Certificate. | |
-8087 | 'A sensitive key cannot bemoved to the slot where it is needed.' | |
-8086 | Invalidmodule name. | |
-8085 | Invalidmodule path/filename. | |
-8084 | Unableto add module. | |
-8083 | Unableto delete module. | |
-8082 | NewKRL is not later than the current one. | |
-8081 | NewCKL has different issuer than current CKL. | |
-8080 | Certificateissuer is not permitted to issue a certificate with this name. | |
-8079 | 'The key revocation listfor this certificate is not yet valid.' | |
-8078 | 'The certificaterevocation list for this certificate is not yet valid.' | |
-8077 | 'The requested certificatecould not be found.' | |
-8076 | 'The signer's certificatecould not be found.' | |
-8075 | 'The location for thecertificate status server has invalid format.' | |
-8074 | 'The OCSP response cannotbe fully decoded; it is of an unknown type.' | |
-8073 | 'The OCSP server returnedunexpected/invalid HTTP data.' | |
-8072 | 'The OCSP server found therequest to be corrupted or improperly formed.' | |
-8071 | 'The OCSP serverexperienced an internal error.' | |
-8070 | 'The OCSP server suggeststrying again later.' | |
-8069 | 'The OCSP server requiresa signature on this request.' | |
-8068 | 'The OCSP server hasrefused this request as unauthorized.' | |
-8067 | 'The OCSP server returnedan unrecognizable status.' | |
-8066 | 'The OCSP server has nostatus for the certificate.' | |
-8065 | 'You must enable OCSPbefore performing this operation.' | |
-8064 | 'You must set the OCSPdefault responder before performing this operation.' | |
-8063 | 'The response from theOCSP server was corrupted or improperly formed.' | |
-8062 | 'The signer of the OCSPresponse is not authorized to give status for this certificate.' | |
-8061 | 'The OCSP response is notyet valid (contains a date in the future).' | |
-8060 | 'The OCSP responsecontains out-of-date information.' | |
-8059 | 'The CMS or PKCS #7 Digestwas not found in signed message.' | |
-8058 | 'The CMS or PKCS #7Message type is unsupported.' | |
-8057 | 'PKCS #11 module could notbe removed because it is still in use.' | |
-8056 | 'Could not decode ASN.1data. Specified template was invalid.' | |
-8055 | 'No matching CRL was found.' | |
-8054 | 'You are attempting toimport a cert with the same issuer/serial as an existing cert, but thatis not the same cert.' | |
-8053 | 'NSS could not shutdown.Objects are still in use.' | |
-8052 | 'DER-encoded messagecontained extra unused data.' | |
-8051 | 'Unsupported elliptic curve.' | |
-8050 | 'Unsupported elliptic curve point form.' | |
-8049 | 'Unrecognized Object IDentifier.' | |
-8048 | 'Invalid OCSP signing certificate in OCSP response.' | |
-8047 | 'Certificate is revoked inissuer's certificate revocation list.' | |
-8046 | 'Issuer's OCSP responderreports certificate is revoked.' | |
-8045 | 'Issuer's CertificateRevocation List has an unknown version number.' | |
-8044 | 'Issuer's V1 CertificateRevocation List has a critical extension.' | |
-8043 | 'Issuer's V2 CertificateRevocation List has an unknown critical extension.' | |
-8042 | 'Unknown object type specified.' | |
-8041 | 'PKCS #11 driver violatesthe spec in an incompatible way.' | |
-8040 | 'No new slot event isavailable at this time.' | |
-8039 | 'CRL already exists.' | |
-8038 | 'NSS is not initialized.' | |
-8037 | 'The operation failedbecause the PKCS#11 token is not logged in.' |
Last Updated: 04/11/03 18:46:49 PDT
Comments are closed.