One of the production PAM instances was upgraded to 3.2, after which RSA authentication stopped working. Support performed all the known steps for resolving the issue, but none worked.
Release: Component: CAPAMX
During a webex with RSA and PAM Support, the RSA Admin noticed that there was a certificate problem. Correcting the RSA server to use the same Root certificate as configured into PAM resolved the problem.