A PAM administrator has integrated many AD domains successfully, but for one domain the following errors occur:
In the session logs:
PAM-LDAP-0004: bad certificate.
In the ldapimporter verbose log:
org.bouncycastle.tls.TlsFatalAlert: bad_certificate
There are no errors in the Tomcat logs.
Release : 3.4.x
Component : PRIVILEGED ACCESS MANAGEMENT
The AD certificate is signed with the RSASSA-PSS signature algorithm rather than the traditional sha256RSA or sha1RSA.
PAM's underlying platform uses OpenJDK 8, which does not yet support this signature algorithm, so the TLS handshake to that domain fails with bad_certificate.
Use either the sha256RSA or sha1RSA signature algorithm on your AD certificates.
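As an added example (not part of the original article or the PAM product), the following dependency-free Python reads the outer signatureAlgorithm OID of a DER-encoded X.509 certificate, so an administrator can confirm before pointing PAM at a domain whether the AD LDAPS certificate is signed with RSASSA-PSS or with sha256RSA / sha1RSA. The sample certificate bytes at the bottom are constructed placeholders, not a real certificate.

```python
SIG_ALG_NAMES = {  # outer Certificate.signatureAlgorithm OIDs named in this article
    "1.2.840.113549.1.1.10": "RSASSA-PSS",
    "1.2.840.113549.1.1.11": "sha256RSA",
    "1.2.840.113549.1.1.5": "sha1RSA",
}

def _read_tlv(buf, pos):
    """Decode one DER tag/length at pos; return (tag, value_start, value_end)."""
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:  # long form: low 7 bits give the number of length bytes
        nbytes = length & 0x7F
        length = int.from_bytes(buf[pos:pos + nbytes], "big")
        pos += nbytes
    return tag, pos, pos + length

def _decode_oid(raw):
    """Decode DER OBJECT IDENTIFIER content bytes to dotted form."""
    arcs, value = [raw[0] // 40, raw[0] % 40], 0
    for b in raw[1:]:
        value = (value << 7) | (b & 0x7F)
        if not b & 0x80:  # last byte of this base-128 arc
            arcs.append(value)
            value = 0
    return ".".join(map(str, arcs))

def signature_algorithm_oid(der):
    """Walk Certificate -> skip tbsCertificate -> AlgorithmIdentifier -> OID."""
    _, cert_start, _ = _read_tlv(der, 0)        # Certificate ::= SEQUENCE
    _, _, tbs_end = _read_tlv(der, cert_start)  # skip tbsCertificate
    _, alg_start, _ = _read_tlv(der, tbs_end)   # AlgorithmIdentifier ::= SEQUENCE
    tag, oid_start, oid_end = _read_tlv(der, alg_start)
    if tag != 0x06:
        raise ValueError("expected OBJECT IDENTIFIER in AlgorithmIdentifier")
    return _decode_oid(der[oid_start:oid_end])

def check_cert(der):
    """Return (algorithm name, True if OpenJDK 8 accepts it per the article)."""
    oid = signature_algorithm_oid(der)
    name = SIG_ALG_NAMES.get(oid, oid)
    return name, name != "RSASSA-PSS"

# Constructed sample input (not a real certificate): placeholder tbsCertificate and
# signature around a genuine AlgorithmIdentifier OID, enough to exercise the walk.
OID_RSASSA_PSS = bytes.fromhex("2a864886f70d01010a")  # 1.2.840.113549.1.1.10
OID_SHA256_RSA = bytes.fromhex("2a864886f70d01010b")  # 1.2.840.113549.1.1.11
def _der(tag, content):  # minimal DER encoder, fine for content shorter than 128 bytes
    return bytes([tag, len(content)]) + content
def sample_cert(sig_oid_content):
    tbs, alg = _der(0x30, _der(0x02, b"\x01")), _der(0x30, _der(0x06, sig_oid_content))
    return _der(0x30, tbs + alg + _der(0x03, b"\x00\x00"))
```

For a real check, pass check_cert() the DER bytes of the domain controller's certificate (for example saved from openssl s_client on port 636 and converted with openssl x509 -outform DER); real certificates use long-form lengths, which _read_tlv handles.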