Skip to content

Troubleshooting

When an Authorized Signer attempts to list keys and certificates, the client returns INFO: No objects available.

This message indicates that the Code Sign Client is authenticated but cannot find any signing objects associated with the identity. Check the following:

  • Confirm signer authorization.
    Verify that the user is either assigned directly as an Authorized Signer on the Project or is a member of a Team that is assigned as the Authorized Signer. If access is inherited through a Team, that Team—not the Project—controls the user’s permissions.

  • Verify that the host URLs are correct.
    The client must point to the Certificate Manager - SaaS regional API endpoints, not your tenant URL. You can confirm the configured URLs by running:

    pkcs11config option show # (1)!
    1. If you are using the Windows CSP/KSP, replace pkcs11config with cspconfig.

    If HSM Server URL and Auth Server URL do not match the regional endpoints for your region, update them:

    pkcs11config seturls -hostname <region-endpoint-url>  # (1)!
    1. If you are using the Windows CSP/KSP, replace pkcs11config with cspconfig. See the list of regional endpoints here.

  • Verify that the user API key or service account client ID is correct You can view the user API key or service account client ID by running

    pkcs11config option show

    A user API key will be shown as the API Key. The service account client ID will be shown as the Client ID value. Compare them to what you see in the UI and update them as necessary with pkcs11config login.