The following errors may be produced by the certificate services UI. This document provides a brief explanation for each error and possible solutions. This list is not exhaustive. If the error isn't on this list, please contact iam-support@uw.edu with the error text.

You do not have permission: Invalid wildcard

A wildcard can only be at the beginning of a domain name.  e.g. *.pottery.uw.edu is valid but clay.*.uw.edu is not. 

Solution

Reformat the name using a valid wildcard.

 

You do not have permission:  You are not an owner of <domain>

Your netid isn't authorized to request certificates for this domain.  This can have several causes:

Solution



You do not have permission:  InCommon says no permission 

This non-UW domain hasn't been validated with InCommon.

Solution

This domain needs to be approved before certificates can be issued for it. See Request a New Domain for InCommon CA Certificates.

 

Could not verify DNS ownership:  CN or altName not valid

The CN or at least one altName didn't parse as a valid DNS name.  

Solution

Check for typos in your CSR.  Contact iam-support@uw.edu (include a copy of your CSR) if the error persists.  

 

The CA reports exception:  IO error to CA

This usually means the InCommon/Comodo API is unavailable.  

Solution

 

invalid CSR problem parsing cert: java.lang.IllegalArgumentException: badly encoded request

This means there was a problem parsing the CSR. The most common cause of this error is pasting in DNS names or other text instead of a base64-encoded public key plus metadata. A CSR has the following format:

-----BEGIN CERTIFICATE REQUEST-----
cnNleSBDaXR5MR4wHAYDVQQKExVUaGUgVVNFUlRSVVNUIE5ldHdvcmsxLjAsBgNV
BAMTJVVTRVJUcnVzdCBSU0EgQ2VydGlmaWNhdGlvbiBBdXRob3JpdHkwHhcNMTQx
MDA2MDAwMDAwWhcNMjQxMDA1MjM1OTU5WjB2MQswCQYDVQQGEwJVUzELMAkGA1UE
CBMCTUkxEjAQBgNVBAcTCUFubiBBcmJvcjESMBAGA1UEChMJSW50ZXJuZXQyMREw
DwYDVQQLEwhJbkNvbW1vbjEfMB0GA1UEAxMWSW5Db21tb24gUlNBIFNlcnZlciBD
QTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAJwb8bsvf2MYFVFRVA+e
xU5NEFj6MJsXKZDmMwysE1N8VJG06thum4ltuzM+j9INpun5uukNDBqeso7JcC7v
HgV9lestjaKpTbOc5/MZNrun8XzmCB5hJ0R6lvSoNNviQsil2zfVtefkQnI/tBPP
iwckRR6MkYNGuQmm/BijBgLsNI0yZpUn6uGX6Ns1oytW61fo8BBZ321wDGZq0GTl
qKOYMa0dYtX6kuOaQ80tNfvZnjNbRX3EhigsZhLI2w8ZMA0/6fDqSl5AB8f2IHpT
eIFken5FahZv9JNYyWL7KSd9oX8hzudPR9aKVuDjZvjs3YncJowZaDuNi+L7RyML
fzcCAwEAAaOCAW4wggFqMB8GA1UdIwQYMBaAFFN5v1qqK0rPVIDh2JvAnfKyA2bL
MB0GA1UdDgQWBBQeBaN3j2yW4luHS6a0hqxxAAznODAOBgNVHQ8BAf8EBAMCAYYw
-----END CERTIFICATE REQUEST-----
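
An added example, not part of the original page and not the certificate service's own code: a local pre-check, run before submitting, for the "Invalid wildcard", "CN or altName not valid" and "badly encoded request" errors described above. The function names, the rules (a wildcard must be the entire leftmost label; labels contain only letters, digits and hyphens) and the sample text are assumptions, and the CSR check looks only at the outer shape, not the full request.

```python
import base64
import binascii
import re

# One DNS label: letters, digits, hyphens; 1-63 chars; no leading/trailing hyphen.
LABEL = re.compile(r"(?!-)[A-Za-z0-9-]{1,63}(?<!-)")
# PEM armour: exactly five dashes on each side, with matching BEGIN/END labels.
PEM = re.compile(r"\s*-----BEGIN ((?:NEW )?CERTIFICATE REQUEST)-----\s*\n"
                 r"(.+?)\n-----END \1-----\s*", re.S)


def check_name(name):
    """Return None if a CN/altName looks acceptable, else a reason string."""
    labels = name.rstrip(".").split(".")
    if labels[0] == "*":
        labels = labels[1:]  # assumed rule: wildcard only as the whole leftmost label
    if any("*" in label for label in labels):
        return "invalid wildcard"
    if not labels or len(name) > 253 or not all(map(LABEL.fullmatch, labels)):
        return "not a valid DNS name"
    return None


def check_csr_text(text):
    """Return None if text has the outer shape of a PEM CSR, else a reason string."""
    m = PEM.fullmatch(text)
    if m is None:
        return "no BEGIN/END CERTIFICATE REQUEST armour"
    try:
        der = base64.b64decode("".join(m.group(2).split()), validate=True)
    except binascii.Error:
        return "body is not base64"
    if der[:1] != b"\x30":  # a DER-encoded CSR starts with an ASN.1 SEQUENCE tag
        return "body is not a DER structure"
    return None


# Constructed sample: a 5-byte DER placeholder, not a real CSR.
SAMPLE = ("-----BEGIN CERTIFICATE REQUEST-----\n"
          "MAMCAQA=\n"
          "-----END CERTIFICATE REQUEST-----\n")

if __name__ == "__main__":
    for n in ["*.pottery.uw.edu", "clay.*.uw.edu", "pottery_.uw.edu"]:
        print(n, "->", check_name(n) or "ok")
    print("sample ->", check_csr_text(SAMPLE) or "ok")
    print("pasted names ->", check_csr_text("pottery.uw.edu\nclay.uw.edu"))
```

A CSR that passes this shape check can still be parsed in full locally with `openssl req -in request.csr -noout -text` (the file name is a placeholder).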