Certificate file loading failed. The specified network password is not correct.

book

Article ID: 198460

calendar_today

Updated On:

Products

Management Platform (Formerly known as Notification Server)

Issue/Introduction

The Internet Gateway is generating the following error messages every time that the gateway service restarts:

Certificate file loading failed: F:\Program Files\Symantec\SMP Internet Gateway\certs\server.pfx, ex:Internal.Cryptography.CryptoThrowHelper+WindowsCryptographicException: The specified network password is not correct
   at Internal.Cryptography.Pal.CertificatePal.FilterPFXStore(Byte[] rawData, SafePasswordHandle password, PfxCertStoreFlags pfxCertStoreFlags)
   at Internal.Cryptography.Pal.CertificatePal.FromBlobOrFile(Byte[] rawData, String fileName, SafePasswordHandle password, X509KeyStorageFlags keyStorageFlags)
   at System.Security.Cryptography.X509Certificates.X509Certificate..ctor(String fileName, SecureString password, X509KeyStorageFlags keyStorageFlags)
   at InternetGtwMngrCore.Certificates.Certificate.get_X509()
-----------------------------------------------------------------------------------------------------
Date: 8/31/2020 12:07:42 PM, Tick Count: 0 (00:00:00), Size: 967 B
Process: InternetGateway (4352), Thread ID: 4, Module: InternetGateway.exe
Priority: 1, Source: 

 

Cannot start server because certificate is not present
-----------------------------------------------------------------------------------------------------
Date: 8/31/2020 12:07:42 PM, Tick Count: 0 (00:00:00), Size: 282 B
Process: InternetGateway (4352), Thread ID: 4, Module: InternetGateway.exe
Priority: 1, Source: 

Cause

Unknown. Possible corruption of the certificate or issues with the local machine that can decrypt the certificate password.

Environment

ITMS 8.5

Resolution

Try a new certificate. Replace the existing one with a different one.

Note: Changing the certificate for your Internet Gateway will assign a new thumbprint that needs to be added to your gateway policy in the SMP Console. If it is the only Internet Gateway on your environment, it can cause that your CEM clients can't connect again until their gateway policy is updated with the new thumbprint.

The replacement process should be something like this:

  1. In the Symantec Management Platform Internet Gateway Manager, click Change.

  2. In the Import Certificate dialog box, specify the location of the certificate file, enter the certificate password, and then click OK.

    You will be prompted to restart the gateway services. Click Yes.

  3. Copy the new Thumbprint that is created.

  4. In the Symantec Management Console, do the following:

     

    • On the Settings menu, click Notification Server > Cloud-enabled Management.

    • In the left pane, expand Policy, and then click Cloud-enabled Management Settings.

    • On the Cloud-enabled Management Settings policy page, under Gateways accepting external agent traffic, select the Internet gateway that you want to edit, and then on the toolbar click the Edit icon.

    • In the Edit Gateway Server dialog box, paste the new thumbprint, and click OK.

    • Under, Applied to, apply the edited Cloud-enabled Management Settings policy to the client computers that you want.

    • Click Save changes.

    • The client machines will get the thumbprint change next time that they request a new configuration. As well the client machines will get automatically an updated "Internet gateway agent certificate" with reference to the new thumbprint.