Asif, Good Day.
To use the remote CLI , you need the cliTool corresponding to the release of the software running on the CA Privileged Access Manager appliance. The cliTool can be downloaded from the support site. It contains the following files, which should be copied to the desired
Installation directory:
1) cliTool.jar
2) capam_command (for UNIX or Linux CLI access) or capam_command.bat (for Windows CLI access)
In addition, the Java JRE must also be installed. Credential Management supports Version 7.
If you are creating a Java application that uses the Java API, you also need the Java Version 7 SDK.
Configuring your Client Computer
To establish an HTTPS connection between the CA Privileged Access Manager appliance and your client computer, the client application must trust the CA Privileged Access Manager certificate.
Use the following procedure to configure your client computer (the remote computer) to trust the CA
Privileged Access Manager certificate and use the CLI or Java API for Credential Management operations:
1. Select Config > Security.
2. Download your CA Privileged Access Manager appliance certificate:
a. Scroll down the Security page to Download Certificate or CSR.
b. Select the certificate in use by the CA Privileged Access Manager appliance.
c. Click the Download button to copy the certificate to your access computer.
3. Generate a keystore using that certificate:
NOTE: There are many ways in which you can generate the keystore; the following illustrates just
one method.
a. Use KEYTOOL to import the certificate to your keystore:
For UNIX: $JAVA_HOME/bin/keytool -import -trustcacerts -file capam.crt -alias cspmserver -keystore capam.keystore
b. For Windows: %JAVA_HOME%\bin\keytool -import -trustcacerts -file capam.crt -alias cspmserver -keystore capam.keystore
In the previous KEYTOOL examples for UNIX and Windows, you may substitute capam.crt for another filename with extension .crt of their choosing. However, you must specify the keystore name as capam.keystore.
Verify that the certificate was imported by listing the keystore contents:
- For UNIX: $JAVA_HOME/bin/keytool -list -v –keystore capam.keystore
- For Windows: %JAVA_HOME%\bin\keytool -list -v –keystore capam.keystore
- Put the new keystore file (capam.keystore) in the same directory as cliTool.jar
When using the CLI, you must enclose parameter value pairs in quotes if the value contains a space. For example, enter "TargetApplication.name=AWS Access Credential Accounts" and not TargetApplication.name="AWS Access Credential Accounts". This restriction does not apply if the value does not contain spaces. For example, entering
TargetApplication.name=AWS_Access_Credential_Accounts is valid.
capam_command adminUserID=<user name> [adminPassword=<password>] [capam=<hostname>] cmdName=<command> [<parameter>=<value>]
You may refer User Interfaces section in CA_PAM_CM_Implementation_Guide.pdf for further example.
Thank You
--
Vinay Reddy