"Bad Response format" error in SmartDashboard when enrolling a VPN certificate from a Windows-based CA using SCEP
Symptoms
  • "Bad Response format" error in SmartDashboard (after clicking the "Complete" button) when enrolling a VPN certificate using SCEP from an external CA based on Windows Server 2008 and above.

  • The $FWDIR/log/fwm.elg file on Check Point Management Server shows the following message:
    "cpScep_processCertReply: Got bad authenticate attributes. The message digest doesn't match"

Cause

The Security Management Server ignores the hash algorithm used by the external CA and always signs its response using MD5.

If the external CA also uses MD5, enrollment works. When the CA uses any other hash algorithm, enrollment fails.

On Windows Server 2008 and above, SHA-1 is the default hash algorithm.
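
The digest mismatch reported in fwm.elg can be reproduced with a simplified model. This is an added example, not Check Point code: the dictionary fields, function names and payload are hypothetical stand-ins for the PKCS#7 signer info carried in a SCEP reply, and the model assumes the mismatch arises when the messageDigest attribute is checked with MD5 instead of the algorithm the CA declared.

```python
import hashlib
import hmac

# Constructed stand-in for the signed content of a SCEP reply (not real PKCS#7 DER).
CONTENT = b"constructed SCEP CertRep payload"

# Assumption: digests this model is willing to accept from the CA.
ALLOWED_DIGESTS = ("md5", "sha1", "sha256")


def build_reply(content: bytes, digest_alg: str) -> dict:
    """CA side: the signer info names its digest algorithm and carries a
    messageDigest authenticated attribute computed with that algorithm."""
    return {
        "content": content,
        "digest_algorithm": digest_alg,
        "message_digest": hashlib.new(digest_alg, content).digest(),
    }


def verify_fixed_md5(reply: dict) -> bool:
    """Behaviour described under Cause: MD5 is used no matter what the CA declared."""
    expected = hashlib.new("md5", reply["content"]).digest()
    return hmac.compare_digest(expected, reply["message_digest"])


def verify_declared(reply: dict) -> bool:
    """Recompute the digest with the algorithm the reply itself declares."""
    alg = reply["digest_algorithm"]
    if alg not in ALLOWED_DIGESTS:
        return False  # unknown or disallowed algorithm: reject, do not guess
    expected = hashlib.new(alg, reply["content"]).digest()
    return hmac.compare_digest(expected, reply["message_digest"])


def compare_verifiers() -> dict:
    """Run both verifiers against an MD5 CA and a SHA-1 CA (the Windows default)."""
    results = {}
    for alg in ("md5", "sha1"):
        reply = build_reply(CONTENT, alg)
        results[alg] = (verify_fixed_md5(reply), verify_declared(reply))
    return results


if __name__ == "__main__":
    for alg, (fixed, declared) in compare_verifiers().items():
        print(f"CA digest={alg:5} fixed-MD5 check={fixed} declared-alg check={declared}")
```

The fixed-MD5 check passes only against the MD5 CA, which matches the symptom: a SHA-1 digest from a default Windows Server 2008 CA never equals a locally computed MD5 digest.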

