This may happen if there are multiple Java versions in the Server and the wrong one is used when launching the command. This may happen, for instance if the keytool command, as specified in the installation guide, has been issued for a java version different from the one that is eventually used when launching the CLI commands.
CA PAM 3.4.2
1. Be careful about running the keytool command from the %JAVA_HOME% location in case of multiple java versions running on the server.
In my case, Java Home is 'C:\Program Files\AdoptOpenJDK\jdk-8.0.282.8-hotspot\'
2. Run the below command from the %CAPAM_CLI% location (CAPAM_CLI is the environment variable pointing to the CLI installation folder).
$JAVA_HOME/bin/keytool -import -trustcacerts -file capam.crt -alias capamerver -keystore capam.keystore
3. Verify the keystore from the same location:
keytool -list -v –keystore capam.keystore
4. The below command may be used to see the command errorcodes,
capam_command capam=forwardinc.com adminUserID=super cmdName=getErrorCodes
If the PAM Client is on the same host, it is best practice to use the keytool.exe from our installation directory.
"C:\Users\<userid>\CA PAM Client\runtime-1.8.0_282\bin\keytool.exe" -import -trustcacerts -file pamcertnew.crt -alias capamserver -keystore capam.keystore