Summary
This article explains why you get the error “No subject alternative names matching IP address” when you are installing the DIGIPASS Gateway.
Details
While installing the DIGIPASS Gateway (DPGW) you end up with the following error:
"Error while testing the connection to the primary Identikey server ConnectionTest error: java.security.cert.CertificateException: No subject alternative names matching IP address x.x.x.x found"
This error indicates that the DIGIPASS Gateway checks the Subject Alternative Name (SAN) in the SOAP certificate of the OneSpan Authentication Server (OAS) and does not find an entry matching the IP address it is connecting to.
In the DPGW log you get:
[ERROR] 07-07-2020 13:21:13 com.onespan.dpgateway.interceptor.SoapConnectionErrorInterceptor intercept - SOAP connection to OAS could not be established. Primary connection failure: <java.security.cert.CertificateException: No subject alternative names present>
In the OneSpan Authentication Server (OAS) log you get:
Reason : class vasco::CommsProtocolException: Error -904 in function "SOAPCallTask::process (soap_ssl_accept)": Failed to initialise SOAP SSL connection;
Problem Solution
Verify the SOAP certificate in OAS:
On a Windows server you can do the following:
Make a copy of the OAS SOAP certificate (ikey_soap_serverca.pem) and rename the .pem extension to .cer.
Open the .cer file to see the certificate details.
Confirm that the Subject Alternative Name contains the IP address of the OAS.
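The same check can be scripted. The following is an added example, not OneSpan code: it reads the certificate file and applies the rule of Java's default TLS hostname check for IP addresses, where only a SAN entry of type iPAddress counts and a dNSName entry holding the same digits does not. The class name SanIpCheck is hypothetical, and it is an assumption that DPGW relies on that default check.

```java
import java.io.FileInputStream;
import java.io.InputStream;
import java.net.InetAddress;
import java.security.cert.CertificateFactory;
import java.security.cert.X509Certificate;
import java.util.Collection;
import java.util.List;

// Added example, not OneSpan code. Usage (Java 11 or later):
//   java SanIpCheck.java ikey_soap_serverca.pem <IP literal that DPGW connects to>
public class SanIpCheck {
    private static final int SAN_DNS_NAME = 2;   // GeneralName type dNSName
    private static final int SAN_IP_ADDRESS = 7; // GeneralName type iPAddress

    // Returns a one-line verdict for the given certificate and IP literal.
    static String check(X509Certificate cert, String ip) throws Exception {
        Collection<List<?>> sans = cert.getSubjectAlternativeNames();
        if (sans == null) {
            // Certificate has no SAN extension at all.
            return "FAIL: no subject alternative names present";
        }
        InetAddress wanted = InetAddress.getByName(ip); // no DNS lookup for a literal
        boolean listedAsDns = false;
        for (List<?> san : sans) {
            int type = (Integer) san.get(0);           // entry = [type, value]
            String value = String.valueOf(san.get(1));
            if (type == SAN_IP_ADDRESS && InetAddress.getByName(value).equals(wanted)) {
                return "OK: iPAddress entry " + value + " matches";
            }
            if (type == SAN_DNS_NAME && value.equals(ip)) {
                listedAsDns = true;                    // common mistake when issuing
            }
        }
        return listedAsDns
            ? "FAIL: " + ip + " is present only as dNSName; reissue with an iPAddress entry"
            : "FAIL: no subject alternative names matching IP address " + ip;
    }

    public static void main(String[] args) throws Exception {
        if (args.length != 2) {
            System.err.println("usage: SanIpCheck <certificate.pem|.cer> <ip-address>");
            System.exit(2);
        }
        try (InputStream in = new FileInputStream(args[0])) {
            X509Certificate cert = (X509Certificate)
                CertificateFactory.getInstance("X.509").generateCertificate(in);
            System.out.println("Subject: " + cert.getSubjectX500Principal());
            System.out.println(check(cert, args[1]));
        }
    }
}
```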
_________________________________________________________________________________________________________________
Security Status: External
Document type: How To
Applies to: Authentication Server / DIGIPASS Gateway
Old KB Reference: 150192
Internal Reference: PRB0040330