Troubleshooting

Table of Contents

Troubleshooting

When a user attempts to list keys and certificates, the client returns INFO: No objects available.

This message indicates that the Code Sign Client is authenticated but cannot find any signing objects associated with the identity. Check the following:

Confirm the built-in account is scoped to the correct TSG.Verify that the built-in account was created in the TSG where the Signing Keys are configured. A built-in account can only access Signing Keys within its own TSG (and child TSGs, if created on a parent TSG).
Verify that the host URLs are correct.The client must point to your TSG endpoint. You can confirm the configured URLs by running:
```
pkcs11config option show
```
If you are using the Windows CSP/KSP client, replace pkcs11config with cspconfig.
If HSM Server URL and Auth Server URL do not match your TSG endpoint, update them:
```
pkcs11config seturls --hostname <tsg-id>.ngts.paloaltonetworks.com
```
Verify that the built-in account Client ID is correct.You can view the Client ID by running:
```
pkcs11config option show
```
The Client ID will be shown as the Client ID value. Compare it to what you see in the Built-in Accounts inventory at System Settings > Built-in Accounts, and update as necessary with pkcs11config login.

Viewing Statistics and Event Logs

Overview: Event Logging

Next-Gen Trust Security Docs

Troubleshooting

Next-Gen Trust Security Docs

Troubleshooting

Activation and Onboarding

Next-Generation Firewalls

SASE

Cloud-Delivered Security Services

Network Security

Endpoints

Visibility & Monitoring

FedRAMP

Hardware Reference

Hardware Quick Start Guides

Virtual ION Deployment

3rd Party Integrations

Prisma SD-WAN Experts Corner

Best Practices

Experts Corner

Resources

Network Security Platform