Issue testing PAM Remote CLI
search cancel

Issue testing PAM Remote CLI

book

Article ID: 247330

calendar_today

Updated On:

Products

CA Privileged Access Manager (PAM)

Issue/Introduction

PAM Admin getting the following error when attempting to use the Remote CLI:

C:\CLI>capam_command adminUserID=GlobalAdmin capam=192.168.x.x cmdName=getErrorCodes
Enter password:
CommandLineInterface.execute error in GET:sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
        at sun.security.ssl.Alert.createSSLException(Unknown Source)
        at sun.security.ssl.TransportContext.fatal(Unknown Source)
        at sun.security.ssl.TransportContext.fatal(Unknown Source)
        at sun.security.ssl.TransportContext.fatal(Unknown Source)
        at sun.security.ssl.CertificateMessage$T12CertificateConsumer.checkServerCerts(Unknown Source)
        at sun.security.ssl.CertificateMessage$T12CertificateConsumer.onCertificate(Unknown Source)
        at sun.security.ssl.CertificateMessage$T12CertificateConsumer.consume(Unknown Source)
        at sun.security.ssl.SSLHandshake.consume(Unknown Source)
        at sun.security.ssl.HandshakeContext.dispatch(Unknown Source)
        at sun.security.ssl.HandshakeContext.dispatch(Unknown Source)
        at sun.security.ssl.TransportContext.dispatch(Unknown Source)
        at sun.security.ssl.SSLTransport.decode(Unknown Source)
        at sun.security.ssl.SSLSocketImpl.decode(Unknown Source)
        at sun.security.ssl.SSLSocketImpl.readHandshakeRecord(Unknown Source)
        at sun.security.ssl.SSLSocketImpl.startHandshake(Unknown Source)
        at sun.security.ssl.SSLSocketImpl.startHandshake(Unknown Source)
        at sun.net.www.protocol.https.HttpsClient.afterConnect(Unknown Source)
        at sun.net.www.protocol.https.AbstractDelegateHttpsURLConnection.connect(Unknown Source)
        at sun.net.www.protocol.http.HttpURLConnection.getOutputStream0(Unknown Source)
        at sun.net.www.protocol.http.HttpURLConnection.getOutputStream(Unknown Source)
        at sun.net.www.protocol.https.HttpsURLConnectionImpl.getOutputStream(Unknown Source)
        at com.cloakware.cspm.server.ui.CommandLineInterface.a(SourceFile:267)
        at com.cloakware.cspm.server.ui.CommandLineInterface.execute(SourceFile:213)
        at com.cloakware.cspm.server.ui.CommandLineInterface.main(SourceFile:111)
Caused by: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
        at sun.security.validator.PKIXValidator.doBuild(Unknown Source)
        at sun.security.validator.PKIXValidator.engineValidate(Unknown Source)
        at sun.security.validator.Validator.validate(Unknown Source)
        at sun.security.ssl.X509TrustManagerImpl.validate(Unknown Source)
        at sun.security.ssl.X509TrustManagerImpl.checkTrusted(Unknown Source)
        at sun.security.ssl.X509TrustManagerImpl.checkServerTrusted(Unknown Source)
        ... 20 more
Caused by: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
        at sun.security.provider.certpath.SunCertPathBuilder.build(Unknown Source)
        at sun.security.provider.certpath.SunCertPathBuilder.engineBuild(Unknown Source)
        at java.security.cert.CertPathBuilder.build(Unknown Source)
        ... 26 more

 

Environment

Release : 4.1.x, 4.0.x

Component : PRIVILEGED ACCESS MANAGEMENT

Resolution

Per our documentation, our Remote CLI requires a keystore with the PAM certificate imported into it.  Please follow our directions outlined here:

https://techdocs.broadcom.com/us/en/symantec-security-software/identity-security/privileged-access-manager/4-1/programming/credential-manager-remote-cli-and-java-api/install-and-set-up-the-remote-cli-and-java-api.html#concept.dita_1244cb23e74795add3c3a38d0e43e1308cc1d99d_ObtainaCertificate