You cannot login

"The connection for this site is not secure" or "Secure Connection Failed" error message when trying to login to the 3SKey portal

The connection to the 3SKey portal uses the 3SKey software and the 3SKey token. The connection may fail if the technical requirements are not met.

Other possible error messages are:
ERR_BAD_SSL_CLIENT_AUTH_CERT
SEC_ERROR_PKCS11_GENERAL_ERROR

If you get an error message after clicking the Login button on https://www2.swift.com/3skey or after selecting your corp certificate, then please perform the following actions:

1	Verify that the 3SKey software is installed and running

Verify that the 3SKey software has been installed on your system and that the Safenet Authentication Client is running. You should see the icon in the notification area at the bottom right of your desktop.

If the Safenet Authentication Client software is not running, then please start it from the Start Menu : All Programs > Safenet > Safenet Authentication Client > Safenet Authentication Client.

2	Verify that the token is detected on the system

If the token is detected in the Safenet Authentication Client software the icon will be bright red. Right-clicking the icon and clicking on "Certificate Information" shows the certificate data on the token.


On this screen you can verify that the certificate is not expired (status Valid) and test its password using the Log On button. You can also verify that the token has been activateed by double-clicking the corpxxxxxxxx certificate to display its properties. The policy displayed will be 1.3.21.6.3.20.200.1 for an activated business certificate. If the policy is 1.3.21.6.6.10.200.2 then the token must still be activated on the 3SKey portal. The presence of the certificate does not mean that the token is valid for signing or hasn't been revoked. Login with the token on the 3SKey portal to verify that the certificate is valid and activated, and check with your bank partners that it's been registered with them.

If the token is not detected by the Safenet application, check that the power led of the USB token is on. Compare with another USB port, another computer and another token to determine if the issue is linked to the port, computer or token.

With the help of your IT support check in the Device Manager (devmgmt.msc) that the token appears as USB Token under USB Controlers. In the Windows services (services.msc) restart the following services:

• Smart Card
• Certificate Propagation

If after these checks the token is not detected properly, please contact SWIFT 3SKey support to assess whether the token is physically defective. Note that a token that was activated more than 3 months before it stopped working, or a token that was locked or revoked by the user, is not eligible for a warranty replacement. A warranty replacement must be verified by SWIFT 3SKey support, and confirmed to your bank by SWIFT support.

3	Cleanup the Windows certificate cache

1. Unplug your 3SKey token(s)
2. Open the Personal Certificates store

Open the Internet Properties by searching for Intenet Options in the Windows Start Menu. Then go the Content tab and click on Certificates.

3. If present remove cached 3SKey certificates issued by SWIFT

If you see a corpxxxxxxxx certificate issued by SWIFT in the Personal or Other People tabs when no 3SKey tokens are plugged in, then you can safely remove it (the actual certificate resides on the token). Other personal certificates may be installed on your system - make sure that you only remove the corp certificates issued by SWIFT.


4. Clear the SSL State

Click Close to return to the Content tab, then click on Clear SSL State.


5. Verify that the certificate is redetected and valid

Reinsert the token and after 5 seconds click on Certificates to verify that the corp certificate of the token has been redetected.

Verify the validity of the certificate: if the "Expiration Date" value has passed this means your certificate is expired and needs recovery.

6. Attempt to login again and verify that you are selecting the certificate that corresponds to your token

Go to https://www2.swift.com/3skey and click on login. If a certificate selection window opens and you do not see your corp certificate click on More Choices to select it.

4	Reset the TLS and browser settings

If the certificate is detected but you still can't login, then proceed with the following steps:

1. Go to Internet Options > Advanced. In the dropdown list de-select all the SSL and TLS settings, then click on apply. Then reselect TLS 1.2 (higher versions can also be reselected) and click on apply.
   
2. On the same screen, click on Restore advanced settings under the dropdown list to reset the Internet Properties.
3. In the General tab click Delete under Browsing History. Tick the boxes Temporary Internet files and website files as well as Cookies and website data. Then click the Delete button.
4. Click OK to apply the changes. Restart your computer if prompted to.

5	Check your organisation's network and security settings

If the certificate is detected but you still cannot login to the 3SKey portal after going through the above steps then contact your local IT support to check that nothing blocks or filters the TLS connection to the secure part of the portal https://www.3skey.com (IP 149.134.170.3) at the proxy, firewall or security level of your enterprise's infrastructure. If you have the Bit Defender antivirus you must uncheck "Encrypted web scan" under Online Threat Prevention. Kasperky antivirus can also filter the access to the secure web page.

To confirm that the token and its certificate can be accessed and that the issue is not with the local computer you can open a command prompt (start > cmd.exe) and run "certutil -scinfo". The command should prompt you for the token password then display its corpxxxxxxxx certificate.