FortiAuthenticator
FortiAuthenticator provides centralized authentication services for the Fortinet Security Fabric including multi-factor authentication, single sign-on services, certificate management, and guest management.
idumancic
Staff
Article Id 375303
Description

This article describes an issue where a new token cannot be assigned to a user after upgrading to v6.6.0/v6.6.1.

Scope

FortiAuthenticator v6.6.0, v6.6.1.

Solution

After upgrading FortiAuthenticator to version 6.6.0/6.6.1, the following errors can occur when assigning a FortiToken:

 

Unable to provision token FTKMOBxxxxxxx: Unknown error. Your changes have been rolled back. Please try again later.

 

FTM provision error: problem with SSL comm layer: failed to recv response header: SSL communication layer error

 

Failed to send registration update (code = -14)

 

FGD SMS: problem with SSL comm layer

 

The failure is also visible in the logs:

 

2024-05-27T14:42:58.717015+08:00 FortiAuthenticator gui[16524] debug fac.home.www-data.fac.fac.apps.fac_auth.clibs __init__ 140249236948672 Token provisioning request is from FAC.
2024-05-27T14:42:59.030889+08:00 FortiAuthenticator gui[16524] error fac.home.www-data.fac.fac.apps.fac_auth.clibs __init__ 140249236948672 FTM provisioning request failed for "FTKMOBxxxxxxx": Unknown error (error code -14)

date=2024-05-27 time=06:37:57+0000 oid=39680 logid=30909 cat="Event" subcat="System" level="error" nas="" action="" status="" msg="FTM provision error: problem with SSL comm layer: failed to recv response header: SSL communication layer error" user="admin"
date=2024-05-27 time=06:37:57+0000 oid=39679 logid=10002 cat="Event" subcat="Admin Configuration" level="information" nas="" action="Edit" status="" msg="Assigning FortiToken FTKMOBxxxxxxx to local user test" user=""
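
To check an exported log for this failure signature, the following added example (not part of the original article or of FortiAuthenticator itself) scans both log formats shown above for the SSL comm layer error and error code -14. The function names are hypothetical, and labelling an error with the token serial logged in the same second is an assumption of this example.

```python
import re

# Constructed sample: the log lines quoted in the article (serial already masked there).
SAMPLE_LOG = """\
2024-05-27T14:42:58.717015+08:00 FortiAuthenticator gui[16524] debug fac.home.www-data.fac.fac.apps.fac_auth.clibs __init__ 140249236948672 Token provisioning request is from FAC.
2024-05-27T14:42:59.030889+08:00 FortiAuthenticator gui[16524] error fac.home.www-data.fac.fac.apps.fac_auth.clibs __init__ 140249236948672 FTM provisioning request failed for "FTKMOBxxxxxxx": Unknown error (error code -14)
date=2024-05-27 time=06:37:57+0000 oid=39680 logid=30909 cat="Event" subcat="System" level="error" nas="" action="" status="" msg="FTM provision error: problem with SSL comm layer: failed to recv response header: SSL communication layer error" user="admin"
date=2024-05-27 time=06:37:57+0000 oid=39679 logid=10002 cat="Event" subcat="Admin Configuration" level="information" nas="" action="Edit" status="" msg="Assigning FortiToken FTKMOBxxxxxxx to local user test" user=""
"""

# Signatures taken from the error messages quoted in the article.
KV = re.compile(r'(\w+)=(?:"([^"]*)"|(\S*))')
SERIAL = re.compile(r"FTKMOB\w+")
SIGNATURES = {
    "ssl_comm_layer": re.compile(r"problem with SSL comm layer"),
    "code_-14": re.compile(r"code(?: =)? -14\b"),
}

def parse_line(line):
    """Return (timestamp, message) for a key=value event line or a debug line."""
    if line.startswith("date="):
        f = {k: q or u for k, q, u in KV.findall(line)}
        return f"{f.get('date')} {f.get('time')}", f.get("msg", "")
    ts, _, rest = line.partition(" ")
    return ts, rest

def find_provisioning_failures(text):
    """List every line matching a signature, with the token serial if known."""
    events = [parse_line(l) for l in text.splitlines() if l.strip()]
    # Assumption: a serial logged at the same timestamp belongs to the same attempt.
    seen = {}
    for ts, msg in events:
        m = SERIAL.search(msg)
        if m:
            seen.setdefault(ts, m.group())
    hits = []
    for ts, msg in events:
        matched = [name for name, rx in SIGNATURES.items() if rx.search(msg)]
        if not matched:
            continue
        m = SERIAL.search(msg)
        hits.append({"time": ts, "signatures": matched,
                     "token": m.group() if m else seen.get(ts)})
    return hits

if __name__ == "__main__":
    for hit in find_provisioning_failures(SAMPLE_LOG):
        print(hit)
```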

 

Check if FortiAuthenticator can ping fortitokenmobile.fortinet.com:

 

exe ping fortitokenmobile.fortinet.com

 

Re-uploading the VM license resolves the issue. Follow these steps:

  • To regenerate the certificate, upload another license (a temporary license).
  • FortiAuthenticator reboots.
  • Install the original license.
  • FortiAuthenticator reboots again.
  • The system triggers certificate regeneration with the correct cipher that is accepted by FortiGuard servers.

Note: The license can be found in the Support portal. Ensure that NTP is enabled and the time is correct.