Appendix
Troubleshooting
Issue | Error Message | Remediation |
---|---|---|
KMIP registration is not enabled | The following error message is displayed in CipherTrust Records: "errorMessage": "Unregistered client, please register a new client from CLI or API or UI." | Check whether the Autoregistration option is selected in Admin Settings > System > Interfaces > kmip. If it is not selected, turn on the Autoregistration option. Refer to the steps mentioned in Enable KMIP Client Registration. |
User corresponding to username location in the certificate (for example, OU/UID) is not created | The following error messages are displayed in CipherTrust Records: "errorMessage": "username not found: "errorMessage": "Could not authenticate certificate user, hence the client is not auto registered in mode tls-cert-pw-opt " | Check whether the user corresponding to UID/OU of the node certificates is created in Keys & Access Management > Users. If the user is not created, create a new user with the same name as the OU/UID field of the node certificates. After creating the user, add this user to the Key Admins. Refer to the steps mentioned in Create a New User. |
User is not added to the Key Admin group | The following error message is displayed in CipherTrust Records: "errorMessage": "authorization denied: verdict was deny: CreateKey" | Check whether the user corresponding to UID/OU of the node certificates is created under Keys & Access Management > Users. If the user is not added, add the user to the Key Admins group. |
The username location in the Certificate is set incorrectly | The following error messages are displayed in CipherTrust Records: "errorMessage": "username not found: "errorMessage": "Could not authenticate certificate user, hence the client is not auto registered in mode tls-cert-pw-opt " | Check whether the username location in the Certificate option is set correctly to OU/UID in Admin Settings > System > Interfaces > kmip. If it is not set correctly, set the correct value for the username location in the Certificate. |