How to deploy a certificate issued by customer's internal Certification Authority into CA PAM?

Document ID:  TEC1761748
Last Modified Date:  06/14/2017
{{active ? 'Hide' : 'Show'}} Technical Document Details

Products

  • CA Privileged Access Management

Releases

  • CA Privileged Access Management:Release:2.8
  • CA Privileged Access Management:Release:2.8.1
  • CA Privileged Access Management:Release:2.8.2

Components

  • PRIVILEGED ACCESS MANAGEMENT:CAPAMX
Introduction:

Customer has their own Certification Authority to issue certificates to their internal servers. Since this is an internal rootCA, it is not known by any standard browser nor the JVM, as well as it is unknown to CA PAM. In this article we will describe the steps you need to follow to import the certificate into CA PAM properly.

 

The steps on this article intend to work around the error "could not identify local issuer".

Question:

How to deploy a certificate issued by customer's internal Certification Authority into CA PAM?

Answer:

1. Export the root CA from the Certificate Authority and any intermediate CA that may be listed on the appliance certificate chain; 

2. Open the CA PAM client and navigate to Config / Security; 

3. Under Certificates, select CA Bundles and import the root CA and intermediate CA; 

4. Configure the CRL to Automatic, pointing to the rootCA CRL URL; 

5. Import the appliance certificate. Before importing, ensure that the certificate file name end in .crt and not .cer (or something else). The certificate, after being imported to CA PAM, must be listed as <filename>.crt - also, it is important to remember to set the certificate file with the same name as the CSR was set (for example, if you used the default value, the CSR was created as default.pem - so the certificate file must be imported as default.crt)

Please help us improve!

Will this information enable you to resolve your issue?

Please tell us what we can do better.

{{feedbackText.length ? feedbackText.length : '0'}}/255

{{status}}

Not what you were looking for?

Search Again >

Product Information

Support by Product >

Communities

Join a Community >

Chat with CA

Just give us some brief information and we'll connect you to the right CA ExpertCA sales representative.

Our hours of availability are 8AM - 5PM CST.

All Fields Required

connecting

We're matching your request.

Unfortunately, we can't connect you to an agent. If you are not automatically redirected please click here.

  • {{message.agentProfile.name}} will be helping you today.

    View Profile


  • Transfered to {{message.agentProfile.name}}

    {{message.agentProfile.name}} joined the conversation

    {{message.agentProfile.name}} left the conversation

  • Your chat with {{$storage.chatSession.messages[$index - 1].agentProfile.name}} has ended.
    Thank you for your interest in CA.


    Rate Your Chat Experience.

    {{chat.statusMsg}}

agent is typing