Trying to connect to CA PAM via CA PAM Agent results in an error :
PAM-AGT-1002:Cannot connect to the PAM server.This happens irrespective of whether FQDN or IP address of PAM server is used.

However the certificates from the different PAM nodes are fine
In the CA Agent Log files (under C:\Program Files\CA Technologies\CA PAM Agent\Logs), the CA PAM Client log, CAPAMAgent.log, shows errors like the following
[2020-05-20 08:34:34.772] [4272] [error] SslSocket_verify_callback() -> verify error=20, reason=[unable to get local issuer certificate], depth=0
[2020-05-20 08:34:34.773] [4272] [error] SslSocket_verify_callback() -> cert subject name=[/C=XX/ST=XXXXX/L=XXXXX/O=XXX A/S/OU=XXXX IT/CN=XXX.XXX.XXX]
[2020-05-20 08:34:34.773] [4272] [error] SslSocket::SslHandshake(), calling SSL_connect() with socket 636 failed, reason = [error:14090086:SSL routines:ssl3_get_server_certificate:certificate verify failed]
[2020-05-20 08:34:34.773] [4272] [info] CertificateFileStore::GetDerEncodedCertDetails(), start getting certificate details from a DER encoded certificate
[2020-05-20 08:34:34.777] [4272] [info] CertificateFileStore::GetDerEncodedCertDetails(), finished getting certificate details from a DER encoded certificate
[2020-05-20 08:34:38.592] [4272] [info] CertificateFileStore::ImportDerEncodedCertificateToStore(), importing a DER encoded certificate to a certificate store in file [C:\Program Files\CA Technologies\CA PAM Agent\\Data\cacerts.sto] succeeded
[2020-05-20 08:34:38.625] [4272] [error] SslSocket_verify_callback() -> verify error=20, reason=[unable to get local issuer certificate], depth=0
[2020-05-20 08:34:38.625] [4272] [error] SslSocket_verify_callback() -> cert subject name=[C=XX/ST=XXXXX/L=XXXXX/O=XXX A/S/OU=XXXX IT/CN=XXX.XXX.XXX]