Breadcrumbs

Troubleshooting

Error

Diagnosis

# oc apply -f import.yaml

The Pod "securityserver`" is invalid: metadata.name: Invalid value: "securityserver`": a lowercase RFC 1123 subdomain must consist of lower case alphanumeric characters, '-' or '.', and must start and end with an alphanumeric character (e.g. 'http://example.com ', regex used for validation is

'[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*')

  1. Verify syntax for YAML Configuration file.

# oc apply -f import.yaml

The Deployment "securityserver" is invalid:

  • spec.selector: Invalid value: v1.LabelSelector{MatchLabels:map[string]string{}, MatchExpressions:[]v1.LabelSelectorRequirement(nil)}: empty selector is invalid for deployment

  • spec.selector: Invalid value: v1.LabelSelector{MatchLabels:map[string]string{}, MatchExpressions:[]v1.LabelSelectorRequirement(nil)}: field is immutable

  1. Verify if the docker Image is available to pull.

  2. Verify if Name/Tags in the run command for the docker image is correct.

You are starting the NGINX Server inside the Pod and encounter below error:

sh-4.4# /usr/sbin/nginx Failed to enumerate slots Failed to enumerate slots

PKCS11_get_private_key returned NULL

nginx: [emerg] ENGINE_load_private_key("slot_9-id_45") failed (SSL: error:82071032:PKCS#11 module:pkcs11_init_slot:Device removed error:26096080:engine routines:ENGINE_load_private_key:failed loading private key)

  1. Verify Proper IP Address and Port is mentioned in PKCS11 Configuration File.

  2. Verify if you are able to connect to HSM IP address on your network.

LoginUser= failed:

05.12.2021 23:45:45 src/p11adm_R2.c[429]

p11_login: C_Login [type=1] returned Error 0x00000102 (CKR_USER_PIN_NOT_INITIALIZED

PKCS#11 Slot is not initialized.

LoginUser= failed:

30.08.2022 07:21:34 src/p11adm_R2.c[280] p11_open_session: C_OpenSession returned Error 0x00000003 (CKR_SLOT_ID_INVALID)

  1. Verify if the correct PKCS#11 Slot is mentioned in command.

  2. Verify the configurations in the PKCS#11 Configuration file.

  3. Check the PKCS#11 logs for detailed Information.

E: cs_get_sessionkey_ex returned: Error B0830070 CryptoServer module CMDS, Command scheduler Mutual Authentication must be activated in CC mode

  1. Verify that the authentication key is created using the csadm tool.

  2. Verify CS_AUTH_KEYS variable is set in environment variable pointing towards authentication key.

  3. Verify the permissions on the authentication key.

E: cs_get_sessionkey_ex returned: Error B906601A CryptoServer admin library

Authentication / Session layer

CryptoServer's signature could not be verified 22.02.2023 12:41:57 | [00000034:00000034] mapToP11

| E: error 0xb906601a mapped.

22.02.2023 12:41:57 | [00000034:00000034] C_Login

| E: Error CKR_DEVICE_ERROR occurred.

This error occurs, when using wrong authentication key. Create the authentication key using the csadm tool.

Utimaco::HSM::DeviceException thrown in execute

Error occurred on device 3001@127.0.0.1: Error B0680016

CryptoServer module CXI invalid property tag

Verify the spec value of the key.

List of Errors and their Diagnoses