A PAM user gets the following error when trying to logon to PAM with a smart card certifcate:
PAM-CMN-0977: PKI authentication failed with error: Client chain problem
Release : 3.3
Component : PRIVILEGED ACCESS MANAGEMENT
The certificate chain was not loaded into PAM.
Command "certutil -scinfo" can be used to view the certifcate on the card with Crypto Shell Extensions. This will show the certificate chain under the "Certification Path" tab. Select each CA certificate in the chain, view it, go to the Details tab, select "Copy to File" and save it in Base-64 encoded X.509 format. You can import each certificate as a CA Bundle into PAM using the Configuration > Security > Certificate page under the Upload tab. Once the full chain is loaded into PAM, the PKI authentication should be successful.