Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Can't import p12 certificate #414

Closed
GreamDesu opened this issue Jul 3, 2018 · 8 comments
Closed

Can't import p12 certificate #414

GreamDesu opened this issue Jul 3, 2018 · 8 comments

Comments

@GreamDesu
Copy link

GreamDesu commented Jul 3, 2018
edited
Loading

Checked three times, when I've generated my client certificate I typed my password, but when I try to import it to certificate store it says that password is incorect, however I checked it.
OS: Win 10
@hwdsl2
Copy link
Owner

hwdsl2 commented Jul 3, 2018

@GreamDesu Hello! Cannot reproduce this issue on a Windows 10 system. This is usually caused by incorrectly typing it or copy paste errors (extra space, etc.) Try regenerate the client certificate .p12 file with a different password and import again.

@hwdsl2 hwdsl2 closed this as completed Jul 3, 2018
@GreamDesu
Copy link
Author

GreamDesu commented Jul 3, 2018
edited
Loading

@hwdsl2 tried it three times with different passwords even with empty password, but still it says that password is incorrect

@hwdsl2
Copy link
Owner

hwdsl2 commented Jul 3, 2018

@GreamDesu What is your Windows 10 version (e.g. 1803) and what is your server’s Linux distribution and version (e.g. Ubuntu 16.04)?

@GreamDesu
Copy link
Author

@hwdsl2 Windows 10 1803, Ubuntu 18.04

@NUWebStudio
Copy link

Hi, How did you resolve this issue I seem to have exact same issue wont import via mmc.exe on windows 10 says password is incorrect even when i set it to something simple like 1234. Error logs on windows machine show this:
"PFX operation failed as Iteration count doesn't lie in expected range. Maximum permissible value: 600000. Erroneous value: 1000000."

When I run pk12util -l vpnclient.p12 on VPS it asks for password and shows the p12 contents so I know its being exported and read okay by VPS. Although this seems like a limitation on windows 10 as the Iteration count is above 600000.

@hwdsl2
Copy link
Owner

hwdsl2 commented Feb 5, 2019
edited
Loading

@NUWebStudio Hello! This is due to a bug in NSS [1] [2]. If your server runs CentOS/RHEL, use yum to update the nss package to the latest version, then re-export the .p12 file. From the changelog:

... ...
* Tue Mar 27 2018 Daiki Ueno <dueno@redhat.com> - 3.36.0-3
- Decrease the iteration count of PKCS#12 for compatibility with Windows
- Fix deadlock when a token is re-inserted while a client process is running
... ...

If using Ubuntu 18.04, there is currently no easy workaround until a fixed version of the libnss3 package [3] is available.

[1] https://bugzilla.redhat.com/show_bug.cgi?id=1559989
[2] https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/NSS_3.36.1_release_notes#Notable_Changes_in_NSS_3.36.1
[3] https://packages.ubuntu.com/search?keywords=libnss3&searchon=names

hwdsl2 added a commit that referenced this issue Feb 5, 2019
@hwdsl2
Update docs
d153a90 
- Add a known issue to IKEv2 docs. Ref: #414
- Cleanup
@NUWebStudio
Copy link

Thanks that makes sense, Im using Ubuntu 18.04 so will take a look at 3.

Cheers

nebulabox pushed a commit to nebulabox/setup-ipsec-vpn that referenced this issue Feb 12, 2019
@hwdsl2 @nebulabox
Update docs
f083b04 
- Add a known issue to IKEv2 docs. Ref: hwdsl2#414
- Cleanup
andyvip pushed a commit to andyvip/setup-ipsec-vpn that referenced this issue Oct 28, 2019
@hwdsl2 @andyvip
Update docs
83b04d7 
- Add a known issue to IKEv2 docs. Ref: hwdsl2#414
- Cleanup
denmojo pushed a commit to denmojo/setup-ipsec-vpn that referenced this issue Sep 23, 2020
@hwdsl2 @denmojo
Update docs
7d61f15 
- Add a known issue to IKEv2 docs. Ref: hwdsl2#414
- Cleanup
hwdsl2 added a commit that referenced this issue Jan 21, 2021
@hwdsl2
Update IKEv2 script
5e1b3e1 
- Apply fix for NSS bug on Ubuntu 18.04. Ubuntu 18.04 has NSS (libnss3)
  version 3.35, which has a bug with iteration counts that results in
  "incorrect password" errors when trying to import a generated ".p12"
  file to Windows. To fix this, we install newer versions of libnss3
  related packages from the official Ubuntu repo.
  Ref: #414
  https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/NSS_3.36.1_release_notes
  https://packages.ubuntu.com/focal/amd64/libnss3
- Other minor improvements
nebulabox pushed a commit to nebulabox/setup-ipsec-vpn that referenced this issue Aug 11, 2021
@hwdsl2 @nebulabox
Update IKEv2 script
c0a50b4 
- Apply fix for NSS bug on Ubuntu 18.04. Ubuntu 18.04 has NSS (libnss3)
  version 3.35, which has a bug with iteration counts that results in
  "incorrect password" errors when trying to import a generated ".p12"
  file to Windows. To fix this, we install newer versions of libnss3
  related packages from the official Ubuntu repo.
  Ref: hwdsl2#414
  https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/NSS_3.36.1_release_notes
  https://packages.ubuntu.com/focal/amd64/libnss3
- Other minor improvements
@lovedva
Copy link

lovedva commented Dec 18, 2021

@NUWebStudio Hello! This is due to a bug in NSS [1] [2]. If your server runs CentOS/RHEL, use yum to update the nss package to the latest version, then re-export the .p12 file. From the changelog:

... ...
* Tue Mar 27 2018 Daiki Ueno <dueno@redhat.com> - 3.36.0-3
- Decrease the iteration count of PKCS#12 for compatibility with Windows
- Fix deadlock when a token is re-inserted while a client process is running
... ...

If using Ubuntu 18.04, there is currently no easy workaround until a fixed version of the libnss3 package [3] is available.

[1] https://bugzilla.redhat.com/show_bug.cgi?id=1559989 [2] https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/NSS_3.36.1_release_notes#Notable_Changes_in_NSS_3.36.1 [3] https://packages.ubuntu.com/search?keywords=libnss3&searchon=names

佛了还没更新。。。我决定换个Ubuntu版本了。。。

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
4 participants
@hwdsl2 @lovedva @GreamDesu @NUWebStudio