CA PAM(Privilege Access Manager) can be accessed by the Credential Manager CLI(Command Line Interface) to perform management functions of the Credential Manager server such as adding, modifying, deleting target data and request data. In this article, I have put together the steps of Remote CLI test which requires certificate of PAM server.
1. Download 'RemoteCLI zip file' for PAM 3.1.1 from CA support portal(support.ca.com) to local device. ex) In this example, new folder 'C:\CLI11' was created. Once you download and unzip it, you will see below files.
2. Download certificate from CA PAM -> config -> security -> download certificate.
3. Enable CLI Management from CA PAM -> Security -> External API access -> Enable Credential Management CLI.
4. On your local device, open a cmd and change directory to 'c:\cli311'.
5. Import certificate to JAVA keystore.
C:\CLI> "%JAVA_HOME%\bin\keytool" -import -trustcacerts -file dppam311a.crt -alias cspmsvr311 -keystore capam.keystore
6. Test capam CLI
C:\CLI> capam_command adminUserID=super capam=dppam311a.pamdom.local cmdName=getErrorCodes