On a newly deployed PAM Server, which was successfully integrated with PKI/Smart Card Login Options.
When any user attempts to login to PAM with their PKI Card - they get the following error:
PAM-CMN-0977: PKI authentication failed with error: Client certificate time-frame not valid
Release: PAM 3.3.x and higher
The root cause was that even though the certificate was loaded on the PKI/Smart Card having valid dates and wasn't expired.
The PAM appliance didn't have its date/time properly set and wasn't integrated to a Network Time Protocol (NTP) Server.
To fix this, the PAM Admin successfully integrated PAM with a NTP Server from:
PAM UI >> Configuration >> Date/Time >> Time Servers.
Then in the:
PAM UI >> Configuration >> Date/Time >> Date/Time -> reflect the current UTC time.
Then the PKI/Smart Card user could successfully login.