We have successfully uploaded a signed certificate to the CA PAM appliances. However, the CA PAM Client shows that the certificate is not trusted. How do we fix this?


Article ID: 16789


Products

CA Privileged Access Manager - Cloakware Password Authority (PA)
PAM SAFENET LUNA HSM
CA Privileged Access Manager (PAM)

Issue/Introduction



We have successfully uploaded a signed certificate to the CA PAM appliances. However, the CA PAM Client shows a certificate warning, most probably because the root CA that signed the certificate is not trusted. How do we fix this?

 

Environment

Release: PAMDKT99500-2.7-Privileged Access Manager-NSX API PROXY
Component:

Resolution

The PAM Client has an option to load certificates. After starting the client, click the cog icon and go to Certificates. This opens the CA PAM Client certificate store, where you can load the root CA so that the warning no longer appears.

The client bundles a full Java JRE, so you are actually adding the certificates to the Java certificate store.

To replicate this on other machines, one option is to copy the cacerts file that is created and stored in the PAM Client folder.

When you install the PAM Client, the "CA PAM Client" directory contains a "cacerts" file, which holds the certificates imported into the client.

Import the certificate in one of the clients, then copy the cacerts file to the "CA PAM Client" directory of the other PAM Clients.

Note: You can do this via GPO.
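Because the copied cacerts file becomes the whole trust store on every client that receives it, it is worth checking the master copy before distributing it. The following PowerShell is an added example, not part of the original article or the product: it confirms the root CA is in the store, lists every trusted entry for review, and prints a file hash to compare against deployed copies. The paths, the certificate file name, the store password (the stock Java default) and the English keytool output labels are all assumptions.

```powershell
# Added example. Every path, file name and the store password are assumptions.
$Keytool    = 'keytool'                               # keytool from a JRE on PATH
$CaCerts    = 'C:\PLACEHOLDER\CA PAM Client\cacerts'  # master copy, after the import
$RootCaFile = 'C:\PLACEHOLDER\root-ca.cer'            # the root CA that was imported
$StorePass  = 'changeit'                              # stock Java default (assumption)

# SHA-256 fingerprint of the root CA, in keytool's AA:BB:... format.
$cert = [System.Security.Cryptography.X509Certificates.X509Certificate2]::new($RootCaFile)
$sha  = [System.Security.Cryptography.SHA256]::Create()
$want = ($sha.ComputeHash($cert.RawData) | ForEach-Object { $_.ToString('X2') }) -join ':'

# List the store and confirm the root CA is in it.
$listing = & $Keytool -list -v -keystore $CaCerts -storepass $StorePass | Out-String
if ($LASTEXITCODE -ne 0) { throw "keytool could not read $CaCerts" }
if ($listing -notmatch [regex]::Escape($want)) {
    throw "Root CA '$($cert.Subject)' is not in $CaCerts"
}
"Root CA present: $($cert.Subject)"

# Review every entry: whatever is in this file is trusted on each client that gets it.
# The label match assumes keytool runs with an English locale.
$listing -split "`r?`n" | Where-Object { $_ -match '^(Alias name|Owner):' }

# Hash of the master copy, to compare against each deployed copy.
$hash = (Get-FileHash -Algorithm SHA256 -LiteralPath $CaCerts).Hash
"cacerts SHA-256: $hash"
```

Running `Get-FileHash` on a client's cacerts after the copy and comparing it with the printed value shows whether that client has the reviewed file.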