Special Characters cannot be used in Certificate Passphrase

Document ID : KB000101473
Last Modified Date : 25/06/2018
Show Technical Document Details
Question:
Configuration menu ->  Certificate menu
When uploading a keypair, the keypair fails to get uploaded and get a message to check the passphrase.
But correct passphrase was entered.
Documentation says "Do not use special characters"

Why is PAM failing to import the keypair?
Environment:
PAM 2.8.x
PAM 3.0.x
PAM 3.1.1
PAM 3.1.2
Answer:
PAM was unable to handle certain special characters.

Tests were performed and following special characters were identified to cause problem.
Passphrase OK:  ~!@#%^*_+-={}[]:,./
Passphrase BAD: `$&()|\;"'<>?

The reason why those characters cause problem is because they were getting encoded, for example, & (ampersand) character gets encoded to &amp; and this did not match the actual passphrase.
As a result, the error reports to check the passphrase.

This has been fixed on PAM 3.1.2.01
Additional Information:
https://docops.ca.com/ca-privileged-access-manager/3-1-1/EN/implementing/configure-your-server/configure-security-settings/create-a-self-signed-certificate-or-a-certificate-signing-request/