Troubleshooting
Chain shows as INTACT but I expected a failure
The chain verification reports all failures — it does not short-circuit. If the chain is reported as INTACT, every signature and every hash link verified correctly. If you expected a specific failure, confirm you are looking at the correct tenant (Jira workspace) and that the entry you are checking was actually ingested.
An entry shows status ⚠️ Pending
A Pending entry means the RFC 3161 timestamp token from the timestamp authority (TSA) has not yet been received and stored. This is a temporary state.
Common causes:
- The TSA was briefly unreachable at the time the entry was created
- High ingestion volume caused the timestamp request to be queued
Resolution: The background retry job runs automatically and resolves pending entries as soon as the TSA responds. Pending entries typically resolve within a few minutes. If an entry remains pending for more than 30 minutes, contact support.
Pending entries do not break the chain — they use a documented sentinel value (ATTESTSYS_PENDING_TSA_V1) in place of the timestamp token, and the chain linkage is maintained.
An entry shows status ❌ Failed
A Failed status means either the ECDSA signature is invalid for that entry's signed payload, or the prev_hash does not match the SHA-256 of the previous entry's signed payload.
This is a tamper signal. Do not dismiss it. Immediately:
- Download an evidence bundle for the affected project
- Open
verify.htmloffline to get the full failure report with entry IDs and failure types - Contact support at security@attestsys.com with the bundle and the failure report
I received HTTP 402 when downloading an export bundle
Your workspace has reached the 10-export limit for the current calendar month on the free tier. The admin page shows how many exports have been used and the UTC reset date.
Options:
- Wait until the monthly reset (first day of next calendar month, 00:00 UTC)
- Upgrade to a paid edition for unlimited exports
Events are not appearing in the issue panel
Check 1 — App installation. Confirm the Attestsys app is installed in your Jira workspace and the Forge app has been granted the required permissions.
Check 2 — First event. The issue panel only shows entries that were captured after the app was installed. Historical Jira activity before installation is not retroactively signed.
Check 3 — Event type. Not all Jira event types produce a chain entry. Confirm the action you performed is in the list of captured events.
Check 4 — Deduplication. If Jira fires multiple overlapping events for a single user action, only one chain entry is created. The deduplication logic uses the source event ID — if you performed one action and see one entry, this is correct behaviour.
⚠️ MANUAL REVIEW REQUIRED — Add specific error codes and backend error messages here once the app has been through real-world testing with users.
The verify.html file shows TSA certificate errors
verify.html checks the structure and signature of the RFC 3161 timestamp token but does not perform online TSA certificate revocation checks (OCSP/CRL). If you see a TSA certificate structure error (as opposed to a revocation warning), this is unexpected — contact support.
If you need to verify TSA revocation status for legal purposes, use an online RFC 3161 verification tool or a qualified professional.
I cannot access the admin page
The admin page is only accessible to Jira site administrators and project administrators. Regular project members can view the issue panel but not the admin page. Contact your Jira administrator to request access.
Support
For issues not covered here, contact support at support@attestsys.com.
⚠️ MANUAL REVIEW REQUIRED — Confirm the support email address is set up and monitored before the Marketplace listing goes live.