One of the production PAM instances was upgraded to 3.2, after which RSA authentication stopped working.  Support performed all the known steps for resolving the issue, but none worked.

Release:
Component: CAPAMX

During a webex with RSA and PAM Support, the RSA Admin noticed that there was a certificate problem.  Correcting the RSA server to use the same Root certificate as configured into PAM resolved the problem.