PAM target account is unable to connect to LDAP servers after updating certs on the LDAP servers.

Article ID: 232981

Updated On:

Products

CA Privileged Access Manager (PAM)

Issue/Introduction

LDAP servers SSL/TLS certs expire soon. I attempted to replace them with new ones.

I uploaded the CA certs to CAPAM certificate store. The LDAP SSL/TLS certs work for the Linux hosts and ldapsearch functions but CAPAM is unable to communicate with LDAP once the new certs are installed & activated.

I've rolled the certs back on the ldap server to the old ones for now. Not sure why CAPAM won't communicate with new certs.

Environment

Release : 4.0

Component : PRIVILEGED ACCESS MANAGEMENT

Cause

Each target application stores its own copy of the LDAP server certificate within its own configuration. Target applications do not reach the base PAM certificate store for validation, so a certificate uploaded only to that store is not used when the target application connects to LDAP.

Resolution

Update the target application itself, using the spyglass icon for that application in the PAM UI. This refreshes the certificate held in the target application's own configuration and allows the updated certificate to be validated.
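The following check is an added example, not code from this article or from the PAM product: it compares the certificate an LDAPS server currently presents with the copy a target application is still holding, so the stale-copy condition described under Cause can be confirmed before rolling certificates back. It assumes the stored certificate is available as PEM text (how that copy is exported from a PAM target application is not stated in the article) and uses only the Python standard library; the two PEM strings at the bottom are constructed placeholders, not real certificates.

```python
import hashlib
import socket
import ssl


def cert_fingerprint(pem: str) -> str:
    """SHA-256 fingerprint (hex) of the DER form of a PEM certificate."""
    der = ssl.PEM_cert_to_DER_cert(pem)
    return hashlib.sha256(der).hexdigest()


def fetch_presented_cert(host: str, port: int = 636) -> str:
    """Return the PEM certificate the LDAPS server presents in its handshake.

    No chain validation is performed here on purpose: the point is to see
    what the server now serves, even if the local store cannot validate it.
    """
    return ssl.get_server_certificate((host, port))


def validates_against(host: str, port: int, ca_pem_path: str) -> bool:
    """True if a full TLS handshake to host:port validates against ca_pem_path.

    This mirrors what a client that consults the intended CA store would do;
    a target application holding a stale copy would fail differently.
    """
    ctx = ssl.create_default_context(cafile=ca_pem_path)
    try:
        with socket.create_connection((host, port), timeout=5) as sock:
            with ctx.wrap_socket(sock, server_hostname=host):
                return True
    except (ssl.SSLError, OSError):
        return False


def compare_certs(stored_pem: str, presented_pem: str) -> dict:
    """Report whether the stored copy matches what the server presents.

    A mismatch (match == False) is the symptom from the Cause section: the
    target application's own configuration still holds the old certificate.
    """
    stored_fp = cert_fingerprint(stored_pem)
    presented_fp = cert_fingerprint(presented_pem)
    return {
        "stored": stored_fp,
        "presented": presented_fp,
        "match": stored_fp == presented_fp,
    }


# Constructed placeholders (base64 of "old-cert" / "new-cert"), NOT real
# certificates; they only exercise the fingerprint comparison offline.
OLD_CERT_PEM = "-----BEGIN CERTIFICATE-----\nb2xkLWNlcnQ=\n-----END CERTIFICATE-----\n"
NEW_CERT_PEM = "-----BEGIN CERTIFICATE-----\nbmV3LWNlcnQ=\n-----END CERTIFICATE-----\n"


if __name__ == "__main__":
    # Offline demonstration of the comparison logic.
    print(compare_certs(OLD_CERT_PEM, NEW_CERT_PEM))
    # Live use (hostname is a placeholder): compare the target application's
    # stored copy against what the LDAP server presents right now.
    # presented = fetch_presented_cert("ldap.example.internal")
    # print(compare_certs(OLD_CERT_PEM, presented))
```

Run the live part against each LDAP server after rotating certificates: `match == False` for the target application's stored copy, combined with `validates_against(...)` returning True for the CA bundle uploaded to the PAM store, points to the target application's own configuration rather than the LDAP server or the base store.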