Issue testing PAM Remote CLI
search cancel

Issue testing PAM Remote CLI

book

Article ID: 247330

calendar_today

Updated On:

Products

CA Privileged Access Manager (PAM)

Issue/Introduction

PAM Admin getting the following error when attempting to use the Remote CLI:

C:\CLI>capam_command adminUserID=<GlobalAdmin> capam=192.168.x.x cmdName=getErrorCodes
Enter password:
CommandLineInterface.execute error in GET:sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
        at sun.security.ssl.Alert.createSSLException(Unknown Source)
        at sun.security.ssl.TransportContext.fatal(Unknown Source)
        at sun.security.ssl.TransportContext.fatal(Unknown Source)
        at sun.security.ssl.TransportContext.fatal(Unknown Source)
        at sun.security.ssl.CertificateMessage$T12CertificateConsumer.checkServerCerts(Unknown Source)
        at sun.security.ssl.CertificateMessage$T12CertificateConsumer.onCertificate(Unknown Source)
        at sun.security.ssl.CertificateMessage$T12CertificateConsumer.consume(Unknown Source)
        at sun.security.ssl.SSLHandshake.consume(Unknown Source)
        at sun.security.ssl.HandshakeContext.dispatch(Unknown Source)
        at sun.security.ssl.HandshakeContext.dispatch(Unknown Source)
        at sun.security.ssl.TransportContext.dispatch(Unknown Source)
        at sun.security.ssl.SSLTransport.decode(Unknown Source)
        at sun.security.ssl.SSLSocketImpl.decode(Unknown Source)
        at sun.security.ssl.SSLSocketImpl.readHandshakeRecord(Unknown Source)
        at sun.security.ssl.SSLSocketImpl.startHandshake(Unknown Source)
        at sun.security.ssl.SSLSocketImpl.startHandshake(Unknown Source)
        at sun.net.www.protocol.https.HttpsClient.afterConnect(Unknown Source)
        at sun.net.www.protocol.https.AbstractDelegateHttpsURLConnection.connect(Unknown Source)
        at sun.net.www.protocol.http.HttpURLConnection.getOutputStream0(Unknown Source)
        at sun.net.www.protocol.http.HttpURLConnection.getOutputStream(Unknown Source)
        at sun.net.www.protocol.https.HttpsURLConnectionImpl.getOutputStream(Unknown Source)
        at com.cloakware.cspm.server.ui.CommandLineInterface.a(SourceFile:267)
        at com.cloakware.cspm.server.ui.CommandLineInterface.execute(SourceFile:213)
        at com.cloakware.cspm.server.ui.CommandLineInterface.main(SourceFile:111)
Caused by: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
        at sun.security.validator.PKIXValidator.doBuild(Unknown Source)
        at sun.security.validator.PKIXValidator.engineValidate(Unknown Source)
        at sun.security.validator.Validator.validate(Unknown Source)
        at sun.security.ssl.X509TrustManagerImpl.validate(Unknown Source)
        at sun.security.ssl.X509TrustManagerImpl.checkTrusted(Unknown Source)
        at sun.security.ssl.X509TrustManagerImpl.checkServerTrusted(Unknown Source)
        ... 20 more
Caused by: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
        at sun.security.provider.certpath.SunCertPathBuilder.build(Unknown Source)
        at sun.security.provider.certpath.SunCertPathBuilder.engineBuild(Unknown Source)
        at java.security.cert.CertPathBuilder.build(Unknown Source)
        ... 26 more

 

Environment

Release : 4.2.x, 4.1.x, 4.0.x

Component : PRIVILEGED ACCESS MANAGEMENT

Resolution

Per our documentation, our Remote CLI requires a keystore with the PAM certificate imported into it.  Please follow our directions outlined here:

Install and Set Up the Remote CLI and Java API