Cannot Login to PAM with PKI/Smart Card
search cancel

Cannot Login to PAM with PKI/Smart Card


Article ID: 140781


Updated On:


CA Privileged Access Manager (PAM)


On a newly deployed PAM Server, which was successfully integrated with PKI/Smart Card Login Options.

When any user attempts to login to PAM with their PKI Card - they get the following error:

PAM-CMN-0977: PKI authentication failed with error: Client certificate time-frame not valid


Release: PAM 3.3.x and higher


The root cause was that even though the certificate was loaded on the PKI/Smart Card having valid dates and wasn't expired.

The PAM appliance didn't have its date/time properly set and wasn't integrated to a Network Time Protocol (NTP) Server.


To fix this, the PAM Admin successfully integrated PAM with a NTP Server from:

PAM UI >> Configuration >> Date/Time >> Time Servers.

Then in the:

PAM UI >> Configuration >> Date/Time >> Date/Time -> reflect the current UTC time.

Then the PKI/Smart Card user could successfully login.