Special Characters cannot be used in Certificate Passphrase

book

Article ID: 101473

calendar_today

Updated On:

Products

CA Privileged Access Manager - Cloakware Password Authority (PA) PAM SAFENET LUNA HSM CA Privileged Access Manager (PAM)

Issue/Introduction



Configuration menu ->  Certificate menu
When uploading a keypair, the keypair fails to get uploaded and get a message to check the passphrase.
But correct passphrase was entered.
Documentation says "Do not use special characters"

Why is PAM failing to import the keypair?

Environment

PAM 2.8.x
PAM 3.0.x
PAM 3.1.1
PAM 3.1.2

Resolution

PAM was unable to handle certain special characters.

Tests were performed and following special characters were identified to cause problem.
Passphrase OK:  [email protected]#%^*_+-={}[]:,./
Passphrase BAD: `$&()|\;"'<>?

The reason why those characters cause problem is because they were getting encoded, for example, & (ampersand) character gets encoded to &amp; and this did not match the actual passphrase.
As a result, the error reports to check the passphrase.

This has been fixed on PAM 3.1.2.01

Additional Information

https://docops.ca.com/ca-privileged-access-manager/3-1-1/EN/implementing/configure-your-server/configure-security-settings/create-a-self-signed-certificate-or-a-certificate-signing-request/