PAM Admin has many AD Domains that they have successfully integrated into but for 1 they are getting the following errors:

In the session logs:

PAM-LDAP-0004: bad certificate.

Inside the ldapimporter verbose logging we get the error:

org.bouncycastle.tls.tlsfatalalert: bad_certificate

There were no errors in the Tomcat logs

Release : 3.4.x

Component : PRIVILEGED ACCESS MANAGEMENT

AD Certificate was using the signature algorithm of RSASSA_PSS and not the traditional shaRSA256, SHA1RSA

In PAM the underlining solution we use openjdk 8 - which doesn't support this signature algorithm yet.

Please use either shaRSA256, SHA1RSA signature algorithm on your AD certificates.