
How to create Self-Signed Certificate in CA PAM

Blog Post created by parda25 Employee on Mar 11, 2018

Introduction:

This article shows the procedure for creating a self-signed certificate with the built-in CA PAM function.

Pre-check:

A self-signed certificate requires the FQDN or IP address of the CA PAM server. Check the hostname, domain and IP address, and make sure DNS is properly set up with the PAM server FQDN.

Go to Configuration -> Network -> Network Settings and note the network configuration of the CA PAM server.

[Screenshot: Configuration -> Network -> Network Settings, showing Hostname dppam311a and Domain Name pamdom.local, with the Default Gateway, DNS Servers and network interface address fields.]

Check that a DNS lookup of the PAM server FQDN succeeds.

[Screenshot: Configuration -> Tools, Networking Tools, Resolve Name, showing the name resolve result for dppam311a.pamdom.local.]

Steps:

1. Go to Configuration -> Security -> Certificate.

2. Fill out the Self-Signed Certificate form with PAM server information.

3. Add the PAM server IP address in Alternate Subject Name.

4. Enter a Filename for the certificate and review the form.

5. Create the certificate.

[Screenshot: Configuration -> Security -> Certificates, Create tab, with Type set to Self-Signed Certificate and Common Name dppam311a.pamdom.local, plus the Key Size, Country, State, City, Organization, Org. unit, Days, Alternate Subject Names and Filename fields.]

6. Click the Set menu tab.

7. Select the certificate you created, verify it, and click Accept.

[Screenshot: Configuration -> Security -> Certificates, Set tab, with the Filename and System Certification fields.]

Done.
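
The outcome of steps 1 to 7 can be checked with OpenSSL on any workstation. The script below is an added example, not part of the original post or of CA PAM; it assumes the certificate is available as a PEM file, and the name pam.example.test and the addresses 192.0.2.10 and 192.0.2.99 are constructed sample values.

```shell
#!/bin/sh
# Added example (not from the original post). Checks that a certificate
# covers the FQDN and IP address clients will use to reach the server.
# Assumption: the certificate is available as a PEM file.

# check_cert CERT FQDN IP -> returns 0 only if every check passes.
check_cert() {
    cert=$1; fqdn=$2; ip=$3; rc=0
    # -checkhost/-checkip print "... does match certificate" or
    # "... does NOT match certificate"; test the message text.
    openssl x509 -in "$cert" -noout -checkhost "$fqdn" | grep -q 'does match' ||
        { echo "FAIL: name $fqdn is not covered"; rc=1; }
    openssl x509 -in "$cert" -noout -checkip "$ip" | grep -q 'does match' ||
        { echo "FAIL: IP $ip is not covered"; rc=1; }
    # A self-signed certificate has identical subject and issuer.
    subj=$(openssl x509 -in "$cert" -noout -subject | sed 's/^subject= *//')
    issr=$(openssl x509 -in "$cert" -noout -issuer | sed 's/^issuer= *//')
    [ "$subj" = "$issr" ] || { echo "FAIL: issuer differs from subject"; rc=1; }
    # -checkend 0 exits non-zero once the certificate has expired.
    openssl x509 -in "$cert" -noout -checkend 0 >/dev/null ||
        { echo "FAIL: certificate has expired"; rc=1; }
    return "$rc"
}

# Constructed sample input: a throwaway certificate shaped like steps 2-3
# (Common Name = FQDN, IP address as a subject alternative name).
make_sample_cert() {
    openssl req -x509 -newkey rsa:2048 -nodes -days 30 \
        -subj "/CN=$2" -addext "subjectAltName=IP:$3" \
        -keyout "$1.key" -out "$1" 2>/dev/null
}

# Demo on the constructed sample: one matching and one mismatching address.
tmp=$(mktemp -d)
make_sample_cert "$tmp/sample.crt" pam.example.test 192.0.2.10
check_cert "$tmp/sample.crt" pam.example.test 192.0.2.10 && echo "match: OK"
check_cert "$tmp/sample.crt" pam.example.test 192.0.2.99 || echo "mismatch detected"
rm -rf "$tmp"
```

OpenSSL falls back to the Common Name when the certificate carries no DNS subject alternative name. Clients that match names only against subject alternative names need the FQDN listed there as well.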
