This website uses Cookies. Click Accept to agree to our website's cookie use as described in our Privacy Policy. Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
ABOUT CHECKMATES CYBER SECURITY COMMUNITY & FAQ
Create a Post
Help
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Are you a member of CheckMates?

×
Sign in with your Check Point UserCenter/PartnerMap account to access more great content and get a chance to win some Apple AirPods! If you don't have an account, create one now for free!
PointOfChecking
Collaborator
2 weeks ago

How to change certificate password of Checkpoint Mobile VPN - Certificate Password

I've looked everywhere and it doesn't appear that anyone has posted this previously so I thought I'd post a short guide on this.

 

To change the client certificate password of your Checkpoint Mobile Access VPN certificate, you can follow the below steps.

 

1. Open your Check Point Mobile Client and browse to your certificate if it isn't already populated in the field.

2. Click on the "Certificate" Icon highlighted in the below screenshot

pic1.png

 

 

 

 

 

 

 

 

 

 

 

 

 

 

3. Enter the current certificate password into the presented prompt as shown below

pic2.png

 

 

 

 

 

4. On the window that appears, click the "Change Password" button as shown below

pic3.png

 

 

 

 

 

 

 

 

 

 

 

 

 

5. On the "Change Certificate Password" window that appears, enter the old and new passwords as prompted and press "OK".  If you've done this correctly, you will be shown the "Certificate password replaced successfully" window as below

pic4.png

 

 

 

 

 

 

 

 

 

6. You can now press "OK" to close all the windows and connect with your new password.

 

Easy and quick to do!

 

This does rely on the user proactively changing the password and doesn't force any complex rules, but it's one step in the right direction.

If anyone knows how to to configure a minimum time period to force password change, or to enforce complexity requirements, I would love to know, so please reply to this post.

 

Thank you for reading!

 

(1)
7 Replies
_Val_
Admin
Admin
2 weeks ago

Why would you need to do that in the first place?

0 Kudos
PointOfChecking
Collaborator
2 weeks ago
In response to _Val_

Thanks for reading Val,

I understand without the actual certificate file, knowing the password is useless.

I also understand that if someone had made a copy of the certificate file and stolen it, changing the password on the original certificate will not change the password on the stolen certificate.

 

However, as you know, most companies have password policies which require you to change your password on a frequent basis.

Not being able to change it breaks those policies.

Even if you don't agree with some of the policies, if they've been set, you must find a way to follow them sadly.

 

If this helps one unlucky engineer, then it's a post worth posting I think 😀

 

(1)
the_rock
Legend
Legend
a week ago
In response to PointOfChecking

Super valid point, thanks for sharing!

Andy

0 Kudos
G_W_Albrecht
Legend Legend
Legend
13 hours ago
In response to PointOfChecking

Sure ! But to require you to change your password on a frequent basis does not make anything safer, quite the contrary, as people then use simpler passwords. Many companies have dropped this requirement out of good reasons...

CCSP - CCSE / CCTE / CTPS / CCME / CCSM Elite / SMB Specialist
0 Kudos
PhoneBoy
Admin
Admin
Tuesday

I've had to do this a few times myself for various reasons.
Thanks for sharing!

0 Kudos
PointOfChecking
Collaborator
14 hours ago
In response to PhoneBoy

Here's a question for you, if I may.

 

Is there a way to lock the certificate if say 5 failed attempts were made on the password?

Otherwise a brute force attack can be made on the certificate to get it's password?

 

0 Kudos
PhoneBoy
Admin
Admin
10 hours ago
In response to PointOfChecking

No, and I'm not sure how a password-protected file of any kind would implement such "brute force protection" against any tool that might be able to read it.

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

View All ≫
Upcoming Events

    Sort by:
    CheckMates Events