Cannot Login to PAM with PKI/Smart Card

book

Article ID: 140781

calendar_today

Updated On:

Products

CA Privileged Access Manager (PAM)

Issue/Introduction

On a newly deployed PAM Server, which was successfully integrated with PKI/Smart Card Login Options.

When any user attempts to login to PAM with their PKI Card - they get the following error:

PAM-CMN-0977: PKI authentication failed with error: Client certificate time-frame not valid

Cause

The root cause was that even though the certificate was loaded on the PKI/Smart Card having valid dates and wasn't expired.

The PAM appliance didn't have its date/time properly set and wasn't integrated to a Network Time Protocol (NTP) Server.

Environment

Release: PAM 3.2.x and PAM 3.3.x


Component:

Resolution

To fix this, the PAM Admin successfully integrated PAM with a NTP Server from:

PAM UI >> Configuration >> Date/Time >> Time Servers.


After updating the PKI/Smart Card user could successfully login.