Applies to: IDENTIKEY Authentication Server 3.9 or later.

KB 150181– 23/06/2017 2017 VASCO Data Security. All rights reserved.

Page 1 of 4

KB 150181

Unable to logon to the IDENTIKEY Authentication Server webadmin due to an incorrect SSL

certificate.

Creation date: 20/06/2017 Last Review: 23/06/2017 Revision number: 2

Summary

When you try to logon to the IDENTIKEY Authentication Server (IAS) webadmin, you

get the message “Unable to logon”.

In the IAS full trace, you get the message: Error -904 in function "SOAPCallTask::process (soap_ssl_accept)": Failed to initialise SOAP SSL

connection. This article describes how to troubleshoot this error.

Problem symptoms / details.

When you try to logon to the web admin you get the message

In the full trace of the IDENTIKEY Server, you get the message “Failed to initialise SOAP

SSL connection”:

Document type: How To Security status: EXTERNAL

Applies to: IDENTIKEY Authentication Server 3.9 or later.

KB 150181– 23/06/2017 2017 VASCO Data Security. All rights reserved.

Page 2 of 4

[2017/06/20|12:55:50.967542UTC][S0/P2676/T04712][MAJOR][ClientSOAPContext::complete

Connection] > soap_ssl_accept returned an error (30) soap.error = (SSL_ERROR_SSL error:1407609C:SSL

routines:SSL23_GET_CLIENT_HELLO:http request). Errno (0).Error Detail = (SSL_accept()

failed in soap_ssl_accept())

[2017/06/20|12:55:50.968542UTC][S0/P2676/T04712][MINOR][SOAPCallTask::process] > class vasco::CommsProtocolException: Error -904 in function "SOAPCallTask::process

(soap_ssl_accept)": Failed to initialise SOAP SSL connection

This can happen after you rerun the installation wizard or if you changed the SOAP

certificate or the SOAP settings.

Note: If the logon attempt from the web admin tool is not logged in the full trace file, you should

check first is the soap connection to the server is working. See also KB 150158

Problem Solution.

If the SSL certificate of the server is expired or invalid, you need to create a new one. This can be done using the IAS configuration wizard.

The admintool of the webadmin can then be used to import the certificate in the

truststore of the webadmin application. (the procedure is described below)

When you install the webadmin on the same server as the IAS server, this is done

during the installation process. Therefore, if the webadmin is on the same server as

the IAS, reinstalling the webadmin should solve the issue.

Procedure to reimport the (new) SOAP certificate of the IAS in the truststore

of the webadmin using the admintool

• Use the admintool with the “server list” option to view the registered servers:

• Delete the server dor which you want to change the certificate (using “server

delete <servername>” as argument):

Applies to: IDENTIKEY Authentication Server 3.9 or later.

KB 150181– 23/06/2017 2017 VASCO Data Security. All rights reserved.

Page 3 of 4

• Autoadd the server again using “autoadd <Servername> <URL of SOAP port

IAS>”:

• Restart the webadmin service:

Remarks:

• The <servername> in the admintool arguments is what you see in the webadmin

login screen:

Applies to: IDENTIKEY Authentication Server 3.9 or later.

KB 150181– 23/06/2017 2017 VASCO Data Security. All rights reserved.

Page 4 of 4

• On a Windows server the admintool is a .bat file.

On a Linux server it is a shell script file:

• If you run the admintool with the -- help option, you get more information on the

possible options and arguments.