Ask a Question

Advanced Search

Solution ID : SO22064

Last Modified : 10/09/2018

MPKI 8.8 / MPKI Magnum Manufacturer Device Batch Issue

Problem

The customer has issues to get a batch of manufacturer certificates issued from Magnum(Device) account.

Cause

Based on the ERROR and WARN lines in the batch server log, the system is unable to create a certificate to even send to the signer, because the validity period requested by the customer (10957 days) is longer than the allowed period (365 x 30 = 10950 days):

ERROR 2013-04-29 18:13:10.437 nutmeg4be-d2-ap:CertBatchService 0.0.0.0 batchJobExecutor-3 c3d3e50133c2db53 0 'text=Wrongly specified time in profile for ExactValidity. Valid for 10957 is not greater than 1 and less than  10950, actor=enterprise-pkisupport@digicert.com, class.method=c.s.c.e.u.SYMCX509Dates.<init>'
WARN  2013-04-29 18:13:10.437 nutmeg4be-d2-ap:CertBatchService 0.0.0.0 batchJobExecutor-3 c3d3e50133c2db53 0 'text=Error code ENGINE_UNKNOWN has no entry in messages.properties

Solution

The error is pertaining to the validity check. This was a small fix by updating the CA Policy for the customer.

CBO made the following change to the Customer's CA Policy

      maximumValidityUpperLimit="10950"
 to
      maximumValidityUpperLimit="10960"

After setting the maximum validity upper limit to match device certificate calculation then the error went away.