This website uses Cookies. Click Accept to agree to our website's cookie use as described in our Privacy Policy. Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
ABOUT CHECKMATES CYBER SECURITY COMMUNITY & FAQ
Create a Post
Help
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Are you a member of CheckMates?

×
Sign in with your Check Point UserCenter/PartnerMap account to access more great content and get a chance to win some Apple AirPods! If you don't have an account, create one now for free!
pfinksai
Participant
‎2022-04-11 11:41 PM
Jump to solution

SSL VPN Certificate Replace password error

Hi All, 

 

I've tried mobile access sslvpn certificate replace but there is a error that "the password you entered is incorrect". 

How I reset this password or how can I solve this problem ? 

 

Thank you. 

0 Kudos
1 Solution

Accepted Solutions
PeterL
Participant
‎2023-06-30 12:23 AM
Jump to solution

Hi all,

 

I just ran into the exact same issue, even though I was pretty sure the password was correct (unless my PC's copy-and-paste function was broken).  After some testing, seemed that the .pfx (renamed to .p12) was exported from a Windows machine using AES256-SHA256 to encrypt the export-password.  Re-exporting the certificate with a 3DES-SHA1 encryption of the export-password did wonders.

Just adding my two cents here.  If it saves anybody some time, it was worth the while.

View solution in original post

(1)
10 Replies
_Val_
Admin
Admin
‎2022-04-12 12:10 AM
Jump to solution

Please explain which certificate you are replacing and how. If the password is for p12 certificate file, you cannot "reset" it.

0 Kudos
pfinksai
Participant
‎2022-04-12 12:13 AM
In response to _Val_
Jump to solution

Thanx for reply.  Yes, p12 certificate file. How can I renew it without password reset ? 

0 Kudos
_Val_
Admin
Admin
‎2022-04-12 12:16 AM
In response to pfinksai
Jump to solution

You need to find out the password or create another p12 file with a password you know

pfinksai
Participant
‎2022-04-12 12:19 AM
In response to _Val_
Jump to solution

Thank you.

0 Kudos
PointOfChecking
Collaborator
‎2025-03-05 12:14 AM
In response to _Val_
Jump to solution

Hi Val,

 

I thought this was the case too, because the password is a part of the certificate right?

However, my colleague showed me you can change the password from the checkpoint mobile client.

If you select your p12 certificate, then click on the certificate icon beneath browse, this will give you the option to change password on the new window that appears.

 

Can you explain how this works?  I thought the password was part of the certificate itself, in order to change the password, you needed to change the certiifcate?  I though a new enrollment would be needed.

Pls help to explain.

 

Thanks.

 

0 Kudos
PeterL
Participant
‎2023-06-30 12:23 AM
Jump to solution

Hi all,

 

I just ran into the exact same issue, even though I was pretty sure the password was correct (unless my PC's copy-and-paste function was broken).  After some testing, seemed that the .pfx (renamed to .p12) was exported from a Windows machine using AES256-SHA256 to encrypt the export-password.  Re-exporting the certificate with a 3DES-SHA1 encryption of the export-password did wonders.

Just adding my two cents here.  If it saves anybody some time, it was worth the while.

(1)
Podu
Explorer
‎2024-02-22 04:17 AM
In response to PeterL
Jump to solution

Thank you for that! I've already spent some time debugging though. 😄

I've generated a key pair with Keystore Explorer. For every PKCS#12 export I got the message ""the password you entered is incorrect". I've changed the Explorer's settings from "strong" PKCS#12 encryption to "legacy" encryption and was able to import the cert on the gateway. R81.10

0 Kudos
Emil_T
Collaborator
‎2024-08-27 09:50 AM
In response to Podu
Jump to solution

How can I change the Explorer's settings from "strong" PKCS#12 encryption to "legacy" encryption ? Do you mean file explorer? Or maybe Edge browser?

0 Kudos
PeterL
Participant
‎2024-08-27 11:39 PM
In response to Emil_T
Jump to solution

You make the choice between "Strong" and "Legacy" PKCS#12 the moment you export the certificate from your windows system.

Consider the following scenario :

You obtain a certificate for use with your SSL VPN on the Check Point, either from one of the publicly trusted issuers (like DigiCert, VeriSign, GlobalSign, etc...) or from some other corporate/enterprise/internal PKI.

You import it into the Check Point, but are confronted with the 'the password you entered is incorrect' error.

As a solution, you can import this certificate into the certificate store of a Windows machine, and export it out again (making sure to export the private key as well) in a PKCS#12 format.  At this point you can choose what type of encryption is used for the private key and the password used for this encryption.  This is where you select 'legacy' encryption. (°)

Normally, this exported certificate can now be imported into the Check Point.

Importing and exporting certificates is done through the certificate manager (mmc plug-in 'Certificates'), and has no bearing whatsoever with Windows explorer and/or Edge browser.

 

(°) In my up to date Windows 11 machine, I see that these encryption options have been changed/renamed to 'TripleDES-SHA1' or 'AES256-SHA256'.

(1)
Emil_T
Collaborator
‎2024-09-02 06:56 AM
In response to PeterL
Jump to solution

I exported from windows to TripleDES-SHA1 and then the import to checkpoint was successful

Thx

0 Kudos

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

View All ≫
Upcoming Events

    Sort by:
    CheckMates Events