This website uses Cookies. Click Accept to agree to our website's cookie use as described in our Privacy Policy. Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
ABOUT CHECKMATES CYBER SECURITY COMMUNITY & FAQ
Help

Who rated this post

cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
PeterL
Participant
‎2024-08-27 11:39 PM
In response to Emil_T

You make the choice between "Strong" and "Legacy" PKCS#12 the moment you export the certificate from your windows system.

Consider the following scenario :

You obtain a certificate for use with your SSL VPN on the Check Point, either from one of the publicly trusted issuers (like DigiCert, VeriSign, GlobalSign, etc...) or from some other corporate/enterprise/internal PKI.

You import it into the Check Point, but are confronted with the 'the password you entered is incorrect' error.

As a solution, you can import this certificate into the certificate store of a Windows machine, and export it out again (making sure to export the private key as well) in a PKCS#12 format.  At this point you can choose what type of encryption is used for the private key and the password used for this encryption.  This is where you select 'legacy' encryption. (°)

Normally, this exported certificate can now be imported into the Check Point.

Importing and exporting certificates is done through the certificate manager (mmc plug-in 'Certificates'), and has no bearing whatsoever with Windows explorer and/or Edge browser.

 

(°) In my up to date Windows 11 machine, I see that these encryption options have been changed/renamed to 'TripleDES-SHA1' or 'AES256-SHA256'.

(1)
Who rated this post