"0x3301":"Bad transaction id or parent cert not renewable.: User try to renew a certificate that is not yet ready for renew or the transaction id is wrong",
"0x3069":"Challenge phrase mismatch: The challenge phrase submitted does not match the original one",
"0x3111":"Unsupported Product: User submitted a wrong product or requested cipher is not supported",
"0x30e8":"CN or org does not match the original one.: the submitted CSR contains a common name or org that does not match the original one",
"0x1005":"Duplicate certificate: a certificate with the same common name exists already",
"0x0194":"Incorrect Signature Algorithm: The requested signature algorithm is not supported for the key type. i.e. an ECDSA is submitted for an RSA key",
"0x6000":"parameter missing or incorrect: This is a general error code for missing or incorrect parameters. The reason will be in the response message. i.e. 'CSR is missing, 'Unsupported serverType' when no supported serverType could be found., 'invalid transaction id'",
"0x3063":"Certificate not allowed: trying to issue a certificate that is not configured for the account",
"0x23df":"No MDS Data Returned: internal connection lost or server not responding. this should be rare",
"0x3004":"Invalid Account: The users mpki account associated with the certificate is not valid or not yet active",
"0x4101":"Internal Error: internal server error, user should try again later. (Also check that State is spelled out",
"0x3101":"Missing admin role: Your account does not have the admin role required to access the webservice API",
"0x3085":"Account does not have webservice feature.: Your account does not the the webservice role required to access the webservice API",
"0x9511":"Corrupted CSR : the submitted CSR was mal-formed",
"0xa001":"Public key format does not match.: The public key format does not match the original cert at certificate renewal or replacement. E.g. if you try to renew or replace an RSA cert with a DSA or ECC key based CSR",
"0x0143":"Certificate End Date Error: You are trying to replace a certificate with validity end date exceeding the original cert. or the certificate end date is not valid",
"0x482d":"SHA1 validity check error: What error code do we get when we submit the SHA1 SSL requests with the validity more than 12/31/2016?",
"0x482e":"What error code do we get when we cannot complete the re-authentication for domains with a newly-approved gTLD 30 days after the gTLD approval",
"0x4824":"Per CA/B Forum baseline requirements, non-FQDN certs cannot exceed 11/1/2015. Examples: hostname, foo.cba (.cba is a pending gTLD)",
"eE0x48":"Currently the maximum cert validity is 4-years",
"0x4826":"OU misleading. See comments",
"0x4827":"Org re-auth past due. EV org has to go through re-authentication every 13 months; OV org has to go through re-authentication every 39 months",
"0x482a":"Domain re-auth past due. EV domain has to go through re-authentication every 13 months; OV domain has to go through re-authentication every 39 months.",
"0x482b":"No org address was set to default, should not happen",
"0x482c":"signature algorithm does not match intended key type in the CSR (e.g. CSR has an ECC key, but the signature algorithm is sha1WithRSAEncryption)",
"0x600E":"only supports ECC keys with the named curve NIST P-256, aka secp256r1 or prime256v1, other ECC key sizes will get this error ",
"0x6013":"only supports DSA keys with (2048, 256) as the bit lengths of the prime parameter pair (p, q), other DSA key sizes will get this error",
"0x600d":"RSA key size < 2A048",
"0x4828":"Verisign certificates can be at most two years in length",