Applies to: IDENTIKEY Authentication Server 3.9 or later.
KB 150181– 23/06/2017 2017 VASCO Data Security. All rights reserved.
Page 1 of 4
KB 150181
Unable to logon to the IDENTIKEY Authentication Server webadmin due to an incorrect SSL
certificate.
Creation date: 20/06/2017 Last Review: 23/06/2017 Revision number: 2
Summary
When you try to logon to the IDENTIKEY Authentication Server (IAS) webadmin, you
get the message “Unable to logon”.
In the IAS full trace, you get the message: Error -904 in function "SOAPCallTask::process (soap_ssl_accept)": Failed to initialise SOAP SSL
connection. This article describes how to troubleshoot this error.
Problem symptoms / details.
When you try to logon to the web admin you get the message
In the full trace of the IDENTIKEY Server, you get the message “Failed to initialise SOAP
SSL connection”:
Document type: How To Security status: EXTERNAL
Applies to: IDENTIKEY Authentication Server 3.9 or later.
KB 150181– 23/06/2017 2017 VASCO Data Security. All rights reserved.
Page 2 of 4
[2017/06/20|12:55:50.967542UTC][S0/P2676/T04712][MAJOR][ClientSOAPContext::complete
Connection] > soap_ssl_accept returned an error (30) soap.error = (SSL_ERROR_SSL error:1407609C:SSL
routines:SSL23_GET_CLIENT_HELLO:http request). Errno (0).Error Detail = (SSL_accept()
failed in soap_ssl_accept())
[2017/06/20|12:55:50.968542UTC][S0/P2676/T04712][MINOR][SOAPCallTask::process] > class vasco::CommsProtocolException: Error -904 in function "SOAPCallTask::process
(soap_ssl_accept)": Failed to initialise SOAP SSL connection
This can happen after you rerun the installation wizard or if you changed the SOAP
certificate or the SOAP settings.
Note: If the logon attempt from the web admin tool is not logged in the full trace file, you should
check first is the soap connection to the server is working. See also KB 150158
Problem Solution.
If the SSL certificate of the server is expired or invalid, you need to create a new one. This can be done using the IAS configuration wizard.
The admintool of the webadmin can then be used to import the certificate in the
truststore of the webadmin application. (the procedure is described below)
When you install the webadmin on the same server as the IAS server, this is done
during the installation process. Therefore, if the webadmin is on the same server as
the IAS, reinstalling the webadmin should solve the issue.
Procedure to reimport the (new) SOAP certificate of the IAS in the truststore
of the webadmin using the admintool
• Use the admintool with the “server list” option to view the registered servers:
• Delete the server dor which you want to change the certificate (using “server
delete <servername>” as argument):
Applies to: IDENTIKEY Authentication Server 3.9 or later.
KB 150181– 23/06/2017 2017 VASCO Data Security. All rights reserved.
Page 3 of 4
• Autoadd the server again using “autoadd <Servername> <URL of SOAP port
IAS>”:
• Restart the webadmin service:
Remarks:
• The <servername> in the admintool arguments is what you see in the webadmin
login screen:
Applies to: IDENTIKEY Authentication Server 3.9 or later.
KB 150181– 23/06/2017 2017 VASCO Data Security. All rights reserved.
Page 4 of 4
• On a Windows server the admintool is a .bat file.
On a Linux server it is a shell script file:
• If you run the admintool with the -- help option, you get more information on the
possible options and arguments.