Operational Defect Database

BugZero found this defect 429 days ago.

WatchGuard Technologies | kA16S000000Bch2SAC

Hash and URL certificate encoding is not supported for BOVPN certificate negotiation

Last update date:

3/17/2023

Affected products:

Firebox M200

Firebox M300

Firebox M270

Firebox M370

Firebox M470

Firebox M570

Firebox M670

Firebox M290

Firebox M390

Firebox M400

Firebox M500

Firebox M440

Affected releases:

Any/Unknown

Fixed releases:

All

Description:

Issue

The Firebox supports the X.509 Certificate - Signature encoding type for BOVPN negotiation with certificates. The Firebox does not support the X.509 Certificate - Hash and URL encoding type. If the Firebox attempts to negotiate a BOVPN to a third-party VPN endpoint configured with Hash and URL encoding, the BOVPN tunnel will not be established. The packet will be dropped by the Firebox with this log message:

12 certificate encoding is not supported yet.

Workaround/Solution

On the remote endpoint, change the certificate encoding type to X.509 Certificate - Signature.
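
To confirm which encoding a remote endpoint is sending, the following added example (not WatchGuard code) parses an already-decrypted IKEv2 CERT payload and reports whether its encoding is the one this page says the Firebox accepts. It assumes the encoding numbers of RFC 7296 section 3.6 (4 = X.509 Certificate - Signature, 12 = Hash and URL of X.509 certificate); the function names and sample payloads are constructed for illustration.

```python
import struct

# Certificate Encoding values from RFC 7296, section 3.6 (subset; assumption).
CERT_ENCODINGS = {
    1: "PKCS #7 wrapped X.509 certificate",
    4: "X.509 Certificate - Signature",
    7: "Certificate Revocation List (CRL)",
    12: "Hash and URL of X.509 certificate",
    13: "Hash and URL of X.509 bundle",
}
SUPPORTED = {4}  # per this page: only X.509 Certificate - Signature works for BOVPN


def parse_cert_payload(payload: bytes) -> dict:
    """Parse one IKEv2 CERT payload: generic header, encoding byte, data."""
    if len(payload) < 5:
        raise ValueError("payload shorter than header plus encoding byte")
    _next_payload, _flags, length = struct.unpack("!BBH", payload[:4])
    if length < 5 or length > len(payload):
        raise ValueError(f"bad payload length field: {length}")
    encoding = payload[4]
    data = payload[5:length]
    result = {
        "encoding": encoding,
        "name": CERT_ENCODINGS.get(encoding, "unknown"),
        "supported": encoding in SUPPORTED,
        "url": None,
    }
    if encoding in (12, 13):
        # Hash and URL layout: 20-byte SHA-1 of the certificate, then the URL.
        if len(data) <= 20:
            raise ValueError("Hash and URL data too short")
        result["url"] = data[20:].decode("ascii", errors="replace")
    return result


def build_payload(encoding: int, data: bytes) -> bytes:
    """Build a constructed CERT payload for the demo (next payload = 0)."""
    return struct.pack("!BBH", 0, 0, 5 + len(data)) + bytes([encoding]) + data


# Constructed samples, not captured traffic.
SIG = build_payload(4, b"\x30\x82\x01\x00" + b"\x00" * 16)
HASH_URL = build_payload(12, b"\xaa" * 20 + b"http://pki.example.test/peer.cer")

if __name__ == "__main__":
    for sample in (SIG, HASH_URL):
        info = parse_cert_payload(sample)
        verdict = "accepted" if info["supported"] else "dropped by the Firebox"
        print(f'{info["encoding"]:>2} {info["name"]}: {verdict}')
```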


Status

Open
