KB Article #175905

Error 255: Unidentified error from vatest

Problem

* The vatest tool reports error 255 (unidentified error) when attempting to validate responses. For example:

vatest scvp -checkcert <EE cert> "" -ignoreresponsesign -url <VA server>

path revocation status: good


vatest scvp -checkcert <EE cert> "" -servercerts va.cer -url <VA server>

Error 255: Unidentified error.

Resolution

-- The client needs the certificate of the issuer of the VA signing certificate in order to validate the signature on the response from the VA.

For example, if you are executing vatest, you would provide these options:
vatest scvp -checkcert <EE cert> "" -url <VA server url> -servercerts <Cert of Issuer of VA Signing Cert>

A couple of additional things to bear in mind:

The client also fails to validate the response from the VA server when the signing certificate is issued by a third-party CA and the certificate:

a) is missing the “emailProtection” extendedKeyUsage,

b) has the keyUsage extension marked as critical and is missing “digitalSignature”. If the keyUsage extension is not present, that is OK.

This behavior is the same on all platforms.
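
A pre-flight check for conditions a) and b) above, as an added example that is not part of the original article or of vatest. It assumes the signing certificate is inspected with OpenSSL, whose text output names these values "E-mail Protection" and "Digital Signature"; the function names, the sample text and the file name va_signer.pem are constructed for illustration, and the emailProtection check is only relevant to signing certificates issued by a third-party CA.

```shell
#!/bin/sh
# Reads `openssl x509 -noout -text` output on stdin and reports the two
# certificate conditions from this article. Returns 0 if neither applies.
check_va_signer_text() {
    awk '
        # Extension headers look like "X509v3 Key Usage: critical".
        /X509v3 Key Usage:/ { ku = 1; ku_crit = ($0 ~ /critical/); want = "ku"; next }
        /X509v3 Extended Key Usage:/ { want = "eku"; next }
        # The line after a header carries the comma-separated values.
        want == "ku"  { if ($0 ~ /Digital Signature/) ku_ds = 1; want = ""; next }
        want == "eku" { if ($0 ~ /E-mail Protection/) eku_mail = 1; want = ""; next }
        END {
            bad = 0
            if (!eku_mail) { print "FAIL: emailProtection extendedKeyUsage missing"; bad = 1 }
            if (ku && ku_crit && !ku_ds) { print "FAIL: critical keyUsage lacks digitalSignature"; bad = 1 }
            if (!ku) print "OK: keyUsage not present"
            if (!bad) print "OK: neither condition applies"
            exit bad
        }'
}

# Constructed sample: critical keyUsage without digitalSignature,
# extendedKeyUsage without emailProtection (both conditions hit).
sample_bad() {
cat <<'EOF'
        X509v3 extensions:
            X509v3 Key Usage: critical
                Key Encipherment
            X509v3 Extended Key Usage:
                OCSP Signing
EOF
}

# Constructed sample: no keyUsage extension, emailProtection present.
sample_good() {
cat <<'EOF'
        X509v3 extensions:
            X509v3 Extended Key Usage:
                E-mail Protection, OCSP Signing
EOF
}

# Demo on the constructed failing sample. With a real certificate:
#   openssl x509 -in va_signer.pem -noout -text | check_va_signer_text
sample_bad | check_va_signer_text || echo "signing certificate needs attention"
```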