Appendix
Troubleshooting
| Issue | Error Message | Remediation |
|---|---|---|
| KMIP registration is not enabled | The following error message is displayed in CipherTrust Records: "errorMessage": "Unregistered client, please register a new client from CLI or API or UI." | Check whether the Autoregistration option is selected in Admin Settings > System > Interfaces > kmip. If it is not selected, turn on the Autoregistration option. Refer to the steps mentioned in Enable KMIP Client Registration. |
| User corresponding to username location in certificate (example: OU/UID) has not been created | The following error messages are displayed in CipherTrust Records: "errorMessage": "username not found: "errorMessage": "Could not authenticate certificate user, hence client is not auto registered in mode tls-cert-pw-opt" | Check whether the user corresponding to UID/OU of the node certificates has been created in Keys & Access Management > Users. If the user is not created, create a new user with the same name as the OU/UID field of the node certificates. After creating the user, add this user to the Key Admins. Refer to steps mentioned in Create a New User. |
| User has not been added to Key Admin group | The following error message is displayed in CipherTrust Records: "errorMessage": "authorization denied: verdict was deny: CreateKey" | Check whether the user corresponding to UID/OU of the node certificates has been created under Keys & Access Management > Users. If the user is not added, add the user to the Key Admins group. |
| The Username location in Certificate has been set incorrectly | The following error messages are displayed in CipherTrust Records: "errorMessage": "username not found: "errorMessage": "Could not authenticate certificate user, hence client is not auto registered in mode tls-cert-pw-opt" | Check whether the Username Location in the Certificate option is set correctly to OU/UID in Admin Settings > System > Interfaces > kmip. If it is not set correctly, set the correct value for the Username Location in the Certificate. |