We have successfully uploaded a signed certificates to CA PAM appliances. However, the CA PAM Client shows certificate warning most probably because the root CA that has signed the certificate is not trusted. How do we fix this?
There is the option to load the certificates in the PAM client. Please when starting it, click on the Cog and then go to Certificates. That will open the CA PAM Client certificate store and you will be able to load the root CA to prevent this from happening.
In fact as you know the client includes a full java jre, so you are actually uploading the certificates to the java cert store.
If you wish to replicate this action to other machines, an option is to copy the cacerts file that is created and stored in the PAM Client folder.
When you install PAM Client, in the "CA PAM Client" directory there's a "cacerts" file, which contains the Certificates imported in the client.
Import the certificate in one of the Clients and copy the cacerts file to the other PAM Clients directories.
Note: You can do this via GPO.