This section summarizes error codes used in SCMS interfaces across all use cases.
RA-EE Errors
This table contains all RA-EE interface errors. A production stage RA always returns a HTTP status code 500 (HTTP Status Code PROD) to an EE if an error occurs and it is able to respond. A QA stage RA will return more detailed HTTP status codes (HTTP Status Code QA) and SCMS specific HTTP headers with detailed error information (SCMS-POC-Error resp. SCMS-POC-Error-Message).
| Key | Summary | EE / SCMS | HTTP Status Code | SCMS-Error-Code | Error Message | Additional information |
|---|---|---|---|---|---|---|
| SCMS-964 | Error code: raNoCertFileAvailable | SCMS | 500 | 5065 | Requested certificate file is not available for download | |
| SCMS-976 | Error code: raInvalidURL | SCMS | 500 | 5072 | Invalid URL sent in download request | |
| SCMS-978 | Error code: raAuthenticationFailed | SCMS | 500 | 5067 | EE authentication failed |
Any of the 1609.2 data layers cannot be validated. It can be caused by failed signature verification, untrusted certificates, or bad encryption. Please see EE-RA Communications - General Guidance and the respective RA - Services View documentation |
| SCMS-981 | Error code: raNoPcaCertificateChainFileAvailable | SCMS | 500 | 5068 |
Requested certificate chain file not available for download |
|
| SCMS-983 | Error code: raNoInfoFileAvailable | SCMS | 500 | 5069 | Requested .info file is not available for download | |
| SCMS-987 | Error code: raWrongParameters | SCMS | 500 | 5070 | EE request contained invalid parameter values | |
| SCMS-990 | Error code: raMoreThanAllowedTries | SCMS | 500 | 5071 | EE exceeded retry limit | |
| SCMS-1065 | Error code: raBlacklisted | SCMS | 500 | 5055 | Enrollment certificate blacklisted | |
| SCMS-1068 | Error code: raRequestForMultipleCerts | SCMS | 500 | 5056 | Multiple application certificates requests for same PSID/SSP | |
| SCMS-1070 | Error code: raDuplicateRequestReceived | SCMS | 500 | 5057 | Duplicate request received | |
| SCMS-1082 | Error code: raInvalidSignature | SCMS | 500 | 5058 | Invalid signature or signature missing | |
| SCMS-1083 | Error code: raRequestNotEncrypted | SCMS |
500 |
5059 | Request not encrypted | |
| SCMS-1084 | Error code: raInvalidCredentials | SCMS | 500 | 5060 | EE used invalid credentials (blacklisted, expired, unauthorized) | |
| SCMS-1085 | Error code: raUnauthorizedRequest | SCMS | 500 | 5061 | Unauthorized request (invalid permissions) | |
| SCMS-1087 | Error code: raMismatch | SCMS | 500 | 5063 |
EE attempted to contact an RA that does not have it on the white list |
|
| SCMS-1088 | Error code: raInvalidTimeReceived | SCMS | 500 | 5064 | Invalid timestamp sent |
SCMS Errors
This table contains SCMS interface errors that are sent among SCMS components.
| Key | Summary | EE / SCMS | HTTP Status Code | SCMS-Error-Code | Error Message |
|---|---|---|---|---|---|
| SCMS-789 | Error code: InternalTimeout | SCMS | 500 | 5001 | Internal timeout. Request could not be processed in time. |
| SCMS-792 | Error code: noMaAuthorizationSignature | SCMS | 401 | 5002 | MA signature missing |
| SCMS-793 | Error code: pcaInvalidMaAuthorizationSignature | SCMS | 401 | 5003 | Signature invalid |
| SCMS-795 | Error code: pcaInvalidInputValueFormat | SCMS | 400 | 5004 | Request values improperly formatted |
| SCMS-796 | Error code: pcaInvalidLinkageValue | SCMS | 400 | 5005 | Invalid linkage value send |
| SCMS-804 | Error code: pcaNumberOfLinkageValuesExceeded | SCMS | 400 | 5006 | Number of linkage values above threshold |
| SCMS-812 | Error code: raInvalidHashRequest | SCMS | 400 | 5007 | Invalid RA-PCA request hash send |
| SCMS-820 | Error code: raNumberOfRequestsExceeded | SCMS | 400 | 5008 | Number of linkage values above threshold |
| SCMS-829 | Error code: raInvalidLinkageValue | SCMS | 400 | 5009 | Invalid linkage value send |
| SCMS-844 | Error code: laInvalidLinkageValue | SCMS | 400 | 5010 | Invalid LCI value send |
| SCMS-851 | Error code: laNumberOfLciValuesExceeded | SCMS | 400 | 5011 | Number of LCI values above threshold |
| SCMS-875 | Error code: pcaInvalidInputValueFormat | SCMS | 400 | 5012 | Request values improperly formatted |
| SCMS-876 | Error code: pcaInvalidLinkageValue | SCMS | 400 | 5013 | Invalid linkage value send |
| SCMS-884 | Error code: pcaNumberOfLinkageValuesExceeded | SCMS | 400 | 5014 | Number of linkage values above threshold |
| SCMS-892 | Error code: laInvalidInputValueFormat | SCMS | 400 | 5015 | Request values improperly formatted |
| SCMS-893 | Error code: laInvalidPrelinkageValuePresented | SCMS | 400 | 5016 | Invalid encrypted pre-linkage value send |
| SCMS-900 | Error code: laNumberOfLinkageValuesExceeded | SCMS | 400 | 5017 | Number of linkage values above threshold |
| SCMS-910 | Error code: raInvalidInputValueFormat | SCMS | 400 | 5018 | Request values improperly formatted |
| SCMS-917 | Error code: raCertificateAlreadyBlacklisted | SCMS | 400 | 5020 | Enrollment certificate already blacklisted |
| SCMS-929 | Error code: raInvalidRIFValue | SCMS | 400 | 5022 | Invalid RIF value send |
| SCMS-936 | Error code: raNumberOfRequestsExceeded | SCMS | 400 | 5023 | Number of RIF values above threshold |
| SCMS-1041 | Error Code: pcaAuthFailure | SCMS | 401 | 5044 | PCA could not authenticate LA |
| SCMS-1043 | Error code: raAuthFailure | SCMS | 401 | 5046 | RA could not authenticate LA |
| SCMS-1045 | Error code: maAuthFailure | SCMS | 401 | 5048 | MA failed to authenticate LA |
| SCMS-1277 | Error code: pcaCertificateEncryptionFailed | SCMS | 500 | 5066 | PCA unable to encrypt certificate |
SCMS Error Log Values
This table contains SCMS error conditions that are added to a local error log but not returned or communicated directly to another component. In most cases, a log entry is the end of processing for an error condition. In other words, once one of these values is captured in a log, there are no other programmatic steps performed by the system. These log values are created for debugging or administrative purposes. In the future, automated monitoring may use these values to take corrective action or alert system managers, but for now they are just saved in a log.
| Key | Summary | EE / SCMS | Error Message |
|---|---|---|---|
| SCMS-988 | Error code: raRetries | SCMS | The value is saved to the log, no error is returned. |
| SCMS-1014 | Error code: maDecryptionFailed | SCMS | MA unable to decrypt misbehavior report |
| SCMS-1026 | Error code: authCAAuthenticationFailed | SCMS | The value is saved to the log, no error is returned. |
| SCMS-1031 | Error code: tcComponentAddressingInfoInvalid | SCMS | The value is saved to the log, no error is returned. |
| SCMS-1032 | Error code: tcComponentUnreachable | SCMS | The value is saved to the log, no error is returned. |
| SCMS-1033 | Error Code: issuedCertInvalid | SCMS | The value is saved to the log, no error is returned. |
| SCMS-1042 | Error code: laEncFailure | SCMS | The value is saved to the log, no error is returned. |
| SCMS-1044 | Error code: laEncFailure | SCMS | LA could not establish TLS link with RA |
| SCMS-1046 | Error code: laEncFailure | SCMS | LA could not establish TLS link with MA |
| SCMS-1047 | Error code: tcNotifyDCMListFailure | SCMS | The
value is saved to the log, no error is
returned. |
| SCMS-1048 | Error code: tcNotifyDCMAuthenticationFailure | SCMS |
The value is saved to the
log, no error is
returned. |
| SCMS-1056 | Error code: crlNotAvailable | SCMS | The value is saved to the log, no error is returned. |
Standard HTTP Error Codes
This table contains a list of standard HTTP error codes for reference. The source of this information including description is Wikipedia as of September 30, 2016.
| HTTP Error Code Number | Summary | Description |
|---|---|---|
| Client Error Responses | ||
| 400 | Bad Request |
The server cannot or will not process the request due to an apparent client error. (e.g., malformed request syntax, invalid request message framing, or deceptive request routing) |
| 401 | Unauthorized |
Similar to 403 Forbidden, but specifically for use when authentication is required and has failed or has not yet been provided. The response must include a WWW-Authenticate header field containing a challenge applicable to the requested resource. |
| 402 | Payment Required |
Reserved for future use. The original intention was that this code might be used as part of some form of digital cash or micro-payment scheme, but that has not happened and this code is not usually used. |
| 403 | Forbidden |
The request was a valid request, but the server is refusing to respond to it. 403 error semantically means "unauthorized," i.e., the user does not have the necessary permissions for the resource. |
| 404 | Not Found | The requested resource could not be found but may be available in the future. Subsequent requests by the client are permissible. |
| 405 | Method Not Allowed |
A request method is not supported for the requested resource; for example, a GET request on a form which requires data to be presented via POST, or a PUT request on a read-only resource. |
| 406 | Not Acceptable | The requested resource is capable of generating only content not acceptable according to the Accept headers sent in the request. |
| 407 | Proxy Authentication Required | The client must first authenticate itself with the proxy. |
| 408 | Request Timeout |
The server timed out waiting for the request. According to HTTP specifications: "The client did not produce a request within the time that the server was prepared to wait." The client MAY repeat the request without modifications at any later time. |
| 409 | Conflict | Indicates that the request could not be processed because of conflict in the request, such as an edit conflict between multiple simultaneous updates. |
| 410 | Gone | Indicates that the resource requested is no longer available and will not be available again. This should be used when a resource has been intentionally removed and the resource should be purged. Upon receiving a 410 status code, the client should not request the resource in the future. Clients such as search engines should remove the resource from their indices. |
| 411 | Length Required | The request did not specify the length of its content, which is required by the requested resource |
| 412 | Precondition Failed | The server does not meet one of the preconditions that the requester put on the request |
| 413 | Payload Too Large | The request is larger than the server is willing or able to process. Previously called "Request Entity Too Large." |
| 414 | URI Too Long | The URI provided was too long for the server to process. Often the result of too much data being encoded as a query-string of a GET request, in which case it should be converted to a POST request. |
| 415 | Unsupported Media Type | The request entity has a media type which the server or resource does not support. For example, the client uploads an image as image/svg+xml, but the server requires that images use a different format. |
| 416 | Requested Range Not Satisfiable | The client has asked for a portion of the file (byte serving), but the server cannot supply that portion. For example, if the client asked for a part of the file that lies beyond the end of the file. |
| 417 | Expectation Failed | The server cannot meet the requirements of the Expect request-header field |
| 418 | I'm a teapot | This code was defined in 1998 as one of the traditional IETF April Fools' jokes, in RFC 2324 |
| 421 | Misdirected Request | The request was directed at a server that is not able to produce a response |
| 426 | Upgrade Required | The client should switch to a different protocol such as TLS/1.0, given in the Upgrade header field |
| 428 | Precondition Required | The origin server requires the request to be conditional. Intended to prevent "the 'lost update' problem, where a client GETs a resource's state, modifies it, and PUTs it back to the server, while meanwhile a third party has modified the state on the server, leading to a conflict." |
| 429 | Too Many Requests | The user has sent too many requests in a given amount of time. Intended for use with rate limiting schemes |
| 431 | Request Header Fields Too Large | The server is unwilling to process the request because either an individual header field, or all the header fields collectively, are too large |
| Server Error Responses | ||
| 500 | Internal Server Error | A generic error message, given when an unexpected condition was encountered and no more specific message is suitable |
| 501 | Not Implemented | The server either does not recognize the request method, or it lacks the ability to fulfill the request |
| 502 | Bad Gateway | The server was acting as a gateway or proxy and received an invalid response from the upstream server |
| 503 | Service Unavailable | The server is currently unavailable (because it is overloaded or down for maintenance). Generally, this is a temporary state. |
| 504 | Gateway Timeout | The server was acting as a gateway or proxy and did not receive a timely response from the upstream server |
| 505 | HTTP Version Not Supported | The server does not support the HTTP protocol version used in the request |
| 506 | Variant Also Negotiates | Transparent content negotiation for the request results in a circular reference |
| 507 | Insufficient Storage | The server is unable to store the representation needed to complete the request |
| 511 | Network Authentication Required |
The client needs to authenticate to gain network access. Intended for use by intercepting proxies used to control access to the network |