Troubleshooting
Use the following table to help troubleshoot problems with Connect:Direct® Secure Plus.
Problem | Possible Cause | Solution |
---|---|---|
Connect:Direct Secure Plus features are enabled in the parameters file, but the statistics record indicates that the functions are disabled. | The Connect:Direct network maps do not contain entries for the PNODE and SNODE. | Verify that the netmap entries for both the PNODE and the SNODE exist. |
Running a Process with a remote node fails with an authentication error. | Unique public/private key pairs are generated for the remote node record and the .Local node record is set to Enable Override=N. | Change the .Local node record to Enable Override=Y. |
The Connect:Direct Secure Plus parameter, ENCRYPT.DATA, specified from the COPY statement causes the copy step to fail with error message CSPA080E. | The algorithm name used in the COPY statement is not in the supported algorithm list for both nodes. | Verify that the algorithm name in the COPY statement is in the supported algorithm list for both nodes. |
Connect:Direct Secure Plus is installed, but error message CSPA001E occurs on non-Connect:Direct Secure Plus transfers. | Remote node records do not exist. |
|
Signature verification fails with error message CSPA002E. |
Configuration settings missing or incorrect. |
|
Strong authentication fails with the error, CSPA010E. |
|
|
Connect:Direct Secure Plus session fails with the error, CSPA011E. |
An illegal attempt to override Connect:Direct Secure Plus parameters. |
|
Connect:Direct Secure Plus session fails with the error, CSPA014E. |
Connect:Direct Secure Plus cannot read the remote node definition. |
Check the remote node definition settings. |
Connect:Direct Secure Plus session fails with the error, CSPA016E. |
Connect:Direct Secure Plus is not enabled in the local node definition. |
Make sure Connect:Direct Secure Plus is enabled for the local node. |
Connect:Direct Secure Plus session fails with the error, CSPA019E. |
Error generating digital signature. |
|
Connect:Direct Secure Plus session fails with the error, CSPA077E. |
The COPY statement requested Connect:Direct Secure Plus parameters but Connect:Direct Secure Plus is not configured. |
Remove the SECURE= parameter from the COPY statement. |
Connect:Direct Secure Plus session fails with the error, CSPA079E. | Invalid encryption algorithm identified in COPY statement. | Change the ENC.DATA parameter and specify one of the following values: Y, N, IDEACBC128, TDESCBC112, or DESCBC56 and resubmit the Process. |
Connect:Direct Secure Plus session fails with the error, CSPA080E. |
No common algorithms are available for both nodes. |
Verify the algorithm list for both nodes contains at least one common algorithm name. |
Connect:Direct Secure Plus session fails with the error, CSPA091E. | Session attempted but remote node is not configured. | Make sure both nodes are defined for the remote node record. |
Connect:Direct Secure Plus session fails with the error, CSPA200E. |
Both nodes are not configured for the same protocol. |
|
Connect:Direct Secure Plus session fails with the error, CSPA202E. |
SSL or TLS protocol handshake failed. | Edit the cipher suite list and add a cipher suite used by the trading partner. |
Connect:Direct Secure Plus session fails with the error, CSPA203E or CSPA204E. |
The SSL or TLS protocol could not validate the server's certificate. | Make sure the certificate information is typed into the node record. |
Connect:Direct Secure Plus session fails with the error, CSPA205E. |
A trading partner is not using TCP/IP for communication. | Make sure that both ends of the communication use TCP/IP. |
Connect:Direct Secure Plus session fails with the error, CSPA206E. | The SSL or TLS protocol could not validate the server's certificate. | Make sure the certificate information is entered into the node record. |
Connect:Direct Secure Plus session fails with the error, CSPA208E. | The common name in the certificate received does not match the Connect:Direct Secure Plus configuration. | Make sure the certificate common name is spelled correctly and uses the same case as that in the certificate. |
Connect:Direct Secure Plus session fails with the error, CSPA209E. | The certificate has expired or is invalid. | Obtain a new certificate and reconfigure the node record. |
Connect:Direct Secure Plus session fails with the error, CSPA211E. | The remote trading partner failed to send a certificate. | Notify the trading partner that a certificate is required. |
Connect:Direct Secure Plus session fails with the error, CSPA280E. | The trusted root certificate could not be loaded. | Check the local node configuration and make sure the location of the trusted root certificate is correctly identified. |
Connect:Direct Secure Plus session fails with the error, CSPA281E. | The trusted root certificate is empty. | Check the local node configuration and make sure the location of the trusted root certificate is correctly identified. |
Connect:Direct Secure Plus session fails with the error, CSPA282E. | The user certificate file cannot be loaded. | Check the local node configuration and make sure the location of the user certificate file is correctly identified. |
Connect:Direct Secure Plus session fails with the error, CSPA303E. | The parameters files have not been initialized. | Run the Admin Tool to initialize the parameters files. |
Connect:Direct Secure Plus session fails with the error, CSPA309E. | The SSL library failed during the handshake. | Examine all related errors to determine the cause of the failure. |
Connect:Direct Secure Plus session fails with the error, CSPA311E. | Certificate validation failed. | Verify that the root certificate is properly configured. An alternate certificate may be required. |