PAM cannot be accessed after updating certificate or upgrading to PAM 4.3

Article ID: 414032

Products

CA Privileged Access Manager (PAM)

Issue/Introduction

After upgrading to PAM 4.3.0, or in some cases after applying a signed server certificate to PAM 4.3.0 and performing the required reboot, the PAM appliance cannot be accessed.

Environment

4.3.0 only

Cause

As described in the PAM Release Information page Symantec Privileged Access Manager - 4.3, a signed server certificate can contain various unique values that may cause an issue while loading the certificate after the 4.3 PAM appliance boots. These values are not common in publicly signed certificates, but they can still be used as valid certificate extensions. They may be more common in testing certificates created by internal certificate authorities.

Resolution

It is important that you review the PAM Release Information page Symantec Privileged Access Manager - 4.3 for the specific values to confirm.

If you have already rebooted and the PAM appliance is already in this state, there are 2 options.

1. Contact Broadcom support to allow a support engineer to reset the certificate through SSH access, if the debug SSH patch is already enabled.

2. Restore the appliance from its last snapshot or start a full recovery from a database backup.