Skip to content

PKI Services Manager Return Codes

Reflection PKI Services Manager returns the following codes to the application requesting validation services.

  • Code 0 = No errors, successful validation.

  • Codes 1-10 = Command-line errors, either with winpki or pkid.

  • Codes 11-19 = Network or protocol errors.

  • Codes 21-29 = Validation errors.

  • Codes 31-39 = Mapper errors (certificate is valid but could not be mapped).

  • Codes 41-49 = CRL or other revocation errors

Code Meaning
0 No errors.
1 General error, unknown cause.
2 Syntax error with the command, improper arguments.
3 PKI Services Manager is already running.
4 Error in the configuration file.
5 Timeout occurred while executing the command.
6 Network error (for example, cannot connect to PKI Services Manager).
7 Access denied, user does not have permission to run the command.
8 System error . This is an internal error. Re-run with –d switch to see what happened.
9 Migration or initialization failed. See migration error log.
11 Unknown command was requested by the calling application.
12 An exception was thrown by PKI Services Manager. For more information, see the PKI Services Manager event log.
13 Syntax error with the command or packet sent to PKI Services Manager.
14 Command was ignored (not currently used, internal error).
15 Processing error. The certificate sent to PKI Services Manager is not encoded correctly.
16 Command failed (commands are: stop, reload, reconfigure).
17 Signature mismatch. Sender did not sign with a matching key.
18 Format error. The ASN protocol was not properly formatted
19 PKI Services Manager is in FIPS mode and the certificate is not valid in that mode
21 Certificate is invalid (expired, not signed, bad key, etc.)
22 No path. The issuing certificate could not be located.
23 Certificate is revoked.
24 No trust anchor. The path did not terminate to a known trust anchor.
25 Other validation error. Policy or other constraints failed.
26 Path length to the end certificate exceeded the CA path length constraint.
27 Certificate policy is invalid or does not match assertions in effect.
28 Invalid certificate signature.
29 Unknown critical extension was encountered in a certificate or CRL.
31 Identity requested did not match allowed identities.
32 No identities are allowed for this certificate (no maps exist that match).
33 Calling application did not send an identity for matching (client-side error).
34 Certificate is valid, but requested WhoAmI processing
41 Unknown CRL processing error
42 No base for a delta CRL.
43 CRL has expired.
44 Cannot verify signature or it is bad.
45 Unknown CRL extension that is marked critical.
46 Mismatch of IDP field in CRL.
47 No CRL available.