KB_150181: Unable to logon to the IDENTIKEY Authentication Server webadmin due to an incorrect SSL certificate.6/23/2017 1:23:48 PM
When you try to logon to the IDENTIKEY Authentication Server (IAS) webadmin, you get the message “Unable to logon”.
In the IAS full trace, you get the message:
Error -904 in function "SOAPCallTask::process (soap_ssl_accept)": Failed to initialise SOAP SSL connection.
This article describes how to troubleshoot this error.
Problem symptoms / details.
When you try to logon to the web admin you get the message
In the full trace of the IDENTIKEY Server, you get the message “Failed to initialise SOAP SSL connection”:
Connection] > soap_ssl_accept returned an error (30) soap.error = (SSL_ERROR_SSL
routines:SSL23_GET_CLIENT_HELLO:http request). Errno (0).Error Detail = (SSL_accept()
failed in soap_ssl_accept())
class vasco::CommsProtocolException: Error -904 in function "SOAPCallTask::process
(soap_ssl_accept)": Failed to initialise SOAP SSL connection
This can happen after you rerun the installation wizard or if you changed the SOAP certificate or the SOAP settings.
Note: If the logon attempt from the web admin tool is not logged in the full trace file, you should check first is the soap connection to the server is working. See also KB 150158
If the SSL certificate of the server is expired or invalid, you need to create a new one. This can be done using the IAS configuration wizard.
The admintool of the webadmin can then be used to import the certificate in the truststore of the webadmin application. (the procedure is described below)
When you install the webadmin on the same server as the IAS server, this is done during the installation process. Therefore, if the webadmin is on the same server as the IAS, reinstalling the webadmin should solve the issue.
Procedure to reimport the (new) SOAP certificate of the IAS in the truststore of the webadmin using the admintool
• Use the admintool with the “server list” option to view the registered servers:
• Delete the server dor which you want to change the certificate (using “server delete <servername>” as argument):
• Autoadd the server again using “autoadd <Servername> <URL of SOAP port
• Restart the webadmin service:
• The <servername> in the admintool arguments is what you see in the webadmin
• On a Windows server the admintool is a .bat file.
On a Linux server it is a shell script file:
• If you run the admintool with the -- help option, you get more information on the possible options and arguments.
Applies to: IDENTIKEY Authentication Server 3.9 or later.
KB 150181– 23/06/2017
© 2017 VASCO Data Security. All rights reserved.