00021: Internal exception during token login
00021: The password for this token expired
Error message during the login to the 3SKey portal
If non-3SKey certificates were copied to your 3SKey token you may encounter a message 00021: Internal exception during token login, or a message 00021: The password for this token has expired, when you try to connect to the 3SKey portal:
Non-3SKey certificates being imported to the token is not a security concern and does not impact your signing operations with the 3SKey certificate. However it will prevent you from logging in to the 3SKey portal to renew or manage your token. This may happen when the 3SKey software installation was not complete and a particular setting is missing. In that case, when you install a non-3SKey certificate on your system with a 3SKey token plugged in, you may receive a prompt to import that certificate onto your token. If you answer yes the certificate will be copied on your token.
Resolution
Contact 3SKey Corporate Support and mention this error message, they will cleanup the certificates on the token with you. SWIFT recomments that you do not attempt this operation without help from support, so that you do not risk deleting your 3SKey certificate.
-
With help of your IT support, open the Windows registry editor (regedit.exe) and please verify that the following entries exist. They prevent that other certificates get imported to the token and are automatically created during the installation of the 3SKey software. SWIFT strongly recommends that you do not make any modification yourself to the registry.
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\SafeNet\Authentication\SAC\AccessControl] "ImportCertificate"=dword:00000000
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\SafeNet\Authentication\SAC\CertStore] "AddToTokenOnNewCertInStore"=dword:00000000
If these entries are missing, then we recommend that you remove your tokens, uninstall the SWIFT Token Client, restart your computer and reinstall the 3SKey software. This will ensure that all settings are configured properly. Administrator rights on your system are required to start the installation.
Notes:
- Another message 00021 may be related to the token password, see 00021: Token and/or password incorrect.
- The error message will be updated in a future release so that it does not indicate that the token password expired.