pfinksai
Participant

SSL VPN Certificate Replace password error

Hi All, 

 

I've tried to replace the Mobile Access SSL VPN certificate, but there is an error: "the password you entered is incorrect".

How do I reset this password, or how can I solve this problem?

 

Thank you. 

0 Kudos
1 Solution

Accepted Solutions
PeterL
Participant

Hi all,

 

I just ran into the exact same issue, even though I was pretty sure the password was correct (unless my PC's copy-and-paste function was broken). After some testing, it seemed that the .pfx (renamed to .p12) was exported from a Windows machine using AES256-SHA256 to encrypt the export-password. Re-exporting the certificate with a 3DES-SHA1 encryption of the export-password did wonders.

Just adding my two cents here.  If it saves anybody some time, it was worth the while.


(1)
9 Replies
_Val_
Admin
Admin

Please explain which certificate you are replacing and how. If the password is for the p12 certificate file, you cannot "reset" it.

0 Kudos
pfinksai
Participant

Thanks for the reply. Yes, the p12 certificate file. How can I renew it without a password reset?

0 Kudos
_Val_
Admin
Admin

You need to find out the password or create another p12 file with a password you know.

pfinksai
Participant

Thank you.

0 Kudos
Podu
Explorer

Thank you for that! I've already spent some time debugging though. 😄

I've generated a key pair with KeyStore Explorer. For every PKCS#12 export I got the message "the password you entered is incorrect". I've changed the Explorer's settings from "strong" PKCS#12 encryption to "legacy" encryption and was able to import the cert on the gateway. R81.10

0 Kudos
Emil_T
Contributor

How can I change the Explorer's settings from "strong" PKCS#12 encryption to "legacy" encryption? Do you mean File Explorer? Or maybe the Edge browser?

0 Kudos
PeterL
Participant

You make the choice between "Strong" and "Legacy" PKCS#12 the moment you export the certificate from your Windows system.

Consider the following scenario:

You obtain a certificate for use with your SSL VPN on the Check Point, either from one of the publicly trusted issuers (like DigiCert, VeriSign, GlobalSign, etc...) or from some other corporate/enterprise/internal PKI.

You import it into the Check Point, but are confronted with the 'the password you entered is incorrect' error.

As a solution, you can import this certificate into the certificate store of a Windows machine, and export it out again (making sure to export the private key as well) in a PKCS#12 format.  At this point you can choose what type of encryption is used for the private key and the password used for this encryption.  This is where you select 'legacy' encryption. (°)

Normally, this exported certificate can now be imported into the Check Point.

Importing and exporting certificates is done through the certificate manager (MMC snap-in 'Certificates'), and has no bearing whatsoever on Windows Explorer and/or the Edge browser.

 

(°) On my up-to-date Windows 11 machine, I see that these encryption options have been changed/renamed to 'TripleDES-SHA1' or 'AES256-SHA256'.

(1)
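A way to check a .p12 file before importing it, as an added example that is not part of the original thread: this Python script scans a PKCS#12 file for the standard algorithm OIDs, which are stored unencrypted, and reports whether it uses the PBES2/AES-256 scheme or the older 3DES-SHA1 scheme. The function names, the "strong"/"legacy" labels and the mapping of the Windows option names to these OIDs are assumptions of this example.

```python
# Added example (not from the thread): report which password-based encryption
# scheme a PKCS#12 (.p12/.pfx) file uses. The algorithm identifiers are stored
# unencrypted as DER OIDs, so a byte scan is enough for a quick check.
import sys

ALGS = {  # standard OIDs from PKCS#12, PKCS#5 and NIST
    "1.2.840.113549.1.12.1.3": "pbeWithSHAAnd3-KeyTripleDES-CBC",
    "1.2.840.113549.1.12.1.6": "pbeWithSHAAnd40BitRC2-CBC",
    "1.2.840.113549.1.5.13": "PBES2",
    "2.16.840.1.101.3.4.1.42": "aes256-CBC",
    "1.2.840.113549.2.9": "hmacWithSHA256",
}

def oid_to_der(dotted):
    """Encode a dotted OID as a DER OBJECT IDENTIFIER (tag 0x06)."""
    arcs = [int(a) for a in dotted.split(".")]
    body = bytearray([40 * arcs[0] + arcs[1]])  # first two arcs share one byte
    for arc in arcs[2:]:
        chunk = [arc & 0x7F]                    # base-128, low group first
        while arc > 0x7F:
            arc >>= 7
            chunk.append(0x80 | (arc & 0x7F))   # continuation bit on higher groups
        body += bytes(reversed(chunk))
    return bytes([0x06, len(body)]) + bytes(body)

def describe_p12(data):
    """Return (profile, algorithm names found) for raw PKCS#12 bytes."""
    found = sorted(name for oid, name in ALGS.items() if oid_to_der(oid) in data)
    if "PBES2" in found:
        profile = "strong"   # assumption: the option Windows labels AES256-SHA256
    elif "pbeWithSHAAnd3-KeyTripleDES-CBC" in found:
        profile = "legacy"   # assumption: the option Windows labels TripleDES-SHA1
    else:
        profile = "unknown"
    return profile, found

# Constructed samples: only AlgorithmIdentifier fragments, not complete PKCS#12 files.
LEGACY_SAMPLE = (b"\x30\x1a" + bytes.fromhex("060a2a864886f70d010c0103")
                 + b"\x04\x08" + bytes(8))
STRONG_SAMPLE = bytes.fromhex("06092a864886f70d01050d"
                              "06082a864886f70d0209"
                              "060960864801650304012a")

if __name__ == "__main__":
    for path in sys.argv[1:]:
        with open(path, "rb") as fh:
            print(path, *describe_p12(fh.read()))
```

Run it with the path of the .p12 file as an argument. A result of "strong" on a file the gateway rejects matches the situation described in the posts above.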
Emil_T
Contributor

I exported from Windows with TripleDES-SHA1, and then the import to Check Point was successful.

Thx

0 Kudos
