Troubleshooting

The following tips may be helpful when troubleshooting issues with the Keyfactor Mac Auto Enrollment Certificate enrollment refers to the process by which a user requests a digital certificate. The user must submit the request to a certificate authority (CA).:

• Check the agent logs. By default, these are located in the /etc/keyfactor/macagent/logs directory. If the logging level is not set at verbose, set the logging level at verbose in the PList file (see Client PList Configuration File) and reproduce the problem.
• Agent hangs and needs to be restarted or you need to restart the agent for troubleshooting, in a terminal as the user (not root):
  • Stop agent:
    launchctl unload /Library/LaunchAgents/com.keyfactor.macagent.plist
  • Start agent:
    launchctl load /Library/LaunchAgents/com.keyfactor.macagent.plist
• To clear the user credentials to enable entry of a different user, delete the credentials storage file, which has an extension of .cmsagentconfig and is found in the following folder by default:
  /etc/keyfactor/macagent/data
• Be aware that attempts to export the private key Private keys are used in cryptography (symmetric and asymmetric) to encrypt or sign content. In asymmetric cryptography, they are used together in a key pair with a public key. The private or secret key is retained by the key's creator, making it highly secure. of the certificate will fail. The private key of the certificate is not exportable.