5.6 PKI Related Issues

You can browse the following URL to troubleshoot the PKI related issues:

https://127.0.0.1:8440/api/v1/pki/getmessage?nowait

The PKI service returns one of the following as response:

  • NO_READER if no reader is connected.

  • NO_CARD if a card is not presented.

  • CARD_ON if a card is presented.

This section contains the following PKI issues:

5.6.1 Issue with YubiKey PKI

Issue: When you connect the PKI token to your system and initiate enrollment on the Self-Service portal, the error message Unexpected service status: PLUGIN_NOT_INITTED is displayed. This issue occurs because the dll path in the configuration file is invalid.

Workaround: Ensure that a valid path to the dll file is specified in the configuration file. You can search for opensc-pkcs11.dll or libykcs11-1.dll in the C drive and specify the full path using \\ in place of \.

You can plug the YubiKey token into your system and navigate to the URL https://127.0.0.1:8441/api/v1/pki/getmessage?nowait to view the status of the token. The status must display as CARD_ON.

When you import the certificate to the token, navigate to the URL https://127.0.0.1:8441/api/v1/pki/getcertificates to view the certificate data.

If you are unable to enroll PKI using the YubiKey token on the Self-Service portal, export the logs to investigate the issue.
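
Added example (not part of the original guide or the product's own code): a Python check for the workaround above. It inspects a dll path value exactly as typed in the configuration file and reports single backslashes, a path that is not a full path, or an unexpected file name, and it runs that check only when the service status is PLUGIN_NOT_INITTED. The function names, the sample values and the assumption that the status token appears verbatim in the response body are illustrative.

```python
import ntpath
import re

# Status tokens named on this page. How the service wraps them in its response
# body is not documented here, so this only searches for the token (assumption).
STATUSES = ("PLUGIN_NOT_INITTED", "NO_READER", "NO_CARD", "CARD_ON")
# DLL names the workaround says to search for.
KNOWN_DLLS = {"opensc-pkcs11.dll", "libykcs11-1.dll"}


def find_status(body):
    """Return the first known status token found in a response body, else None."""
    for token in STATUSES:
        if token in body:
            return token
    return None


def check_dll_path(raw, exists=None):
    """List problems with a dll path exactly as typed in the configuration file.

    raw    -- the value as written, where each separator is a doubled backslash
    exists -- optional callable, e.g. os.path.isfile on the affected machine
    """
    problems = []
    # Every run of backslashes must have even length: a pair is one escaped "\".
    if any(len(run) % 2 for run in re.findall(r"\\+", raw)):
        problems.append("unescaped backslash: use \\\\ in place of \\")
    path = raw.replace("\\\\", "\\")  # the path the service would actually load
    drive, rest = ntpath.splitdrive(path)
    if not drive or not rest.startswith(("\\", "/")):
        problems.append("not a full path")
    if ntpath.basename(path).lower() not in KNOWN_DLLS:
        problems.append("file name is not one of " + ", ".join(sorted(KNOWN_DLLS)))
    if exists is not None and not exists(path):
        problems.append("file not found: " + path)
    return problems


def triage(body, raw_path, exists=None):
    """Return (status, problems); the path is checked only for PLUGIN_NOT_INITTED."""
    status = find_status(body)
    if status == "PLUGIN_NOT_INITTED":
        return status, check_dll_path(raw_path, exists)
    return status, []
```

On the affected machine, pass os.path.isfile as exists so that a correctly escaped path to a missing file is also reported.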

5.6.2 Unable to Import a Certificate to the YubiKey Token

Issue: When you try to import a certificate to the YubiKey token using the yubico-piv-tool, the error message Failed authentication with the application is displayed.

Workaround: You must reset the PIN of the token in one of the following ways:

  • Specify an incorrect PIN three times consecutively and then reset the PIN (default PIN is 123456).

  • Specify an incorrect PUK code (default PUK code is 12345678) of the same length (for example, 87654321) and then reset the PIN.

You can import the certificate to the YubiKey token after resetting the PIN.