I would like to access CA PAM Credential management via CLI, gone through the guides on the xceedium portal but didn't found it helpful, Any one tried login to Credential Management via CLI?
Asif, Good Day.
To use the remote CLI , you need the cliTool corresponding to the release of the software running on the CA Privileged Access Manager appliance. The cliTool can be downloaded from the support site. It contains the following files, which should be copied to the desired
2) capam_command (for UNIX or Linux CLI access) or capam_command.bat (for Windows CLI access)
In addition, the Java JRE must also be installed. Credential Management supports Version 7.
If you are creating a Java application that uses the Java API, you also need the Java Version 7 SDK.
Configuring your Client Computer
To establish an HTTPS connection between the CA Privileged Access Manager appliance and your client computer, the client application must trust the CA Privileged Access Manager certificate.
Use the following procedure to configure your client computer (the remote computer) to trust the CA
Privileged Access Manager certificate and use the CLI or Java API for Credential Management operations:
1. Select Config > Security.
2. Download your CA Privileged Access Manager appliance certificate:
a. Scroll down the Security page to Download Certificate or CSR.
b. Select the certificate in use by the CA Privileged Access Manager appliance.
c. Click the Download button to copy the certificate to your access computer.
3. Generate a keystore using that certificate:
NOTE: There are many ways in which you can generate the keystore; the following illustrates just
a. Use KEYTOOL to import the certificate to your keystore:
For UNIX: $JAVA_HOME/bin/keytool -import -trustcacerts -file capam.crt -alias cspmserver -keystore capam.keystore
b. For Windows: %JAVA_HOME%\bin\keytool -import -trustcacerts -file capam.crt -alias cspmserver -keystore capam.keystore
In the previous KEYTOOL examples for UNIX and Windows, you may substitute capam.crt for another filename with extension .crt of their choosing. However, you must specify the keystore name as capam.keystore.
Verify that the certificate was imported by listing the keystore contents:
- For UNIX: $JAVA_HOME/bin/keytool -list -v –keystore capam.keystore
- For Windows: %JAVA_HOME%\bin\keytool -list -v –keystore capam.keystore
- Put the new keystore file (capam.keystore) in the same directory as cliTool.jar
When using the CLI, you must enclose parameter value pairs in quotes if the value contains a space. For example, enter "TargetApplication.name=AWS Access Credential Accounts" and not TargetApplication.name="AWS Access Credential Accounts". This restriction does not apply if the value does not contain spaces. For example, entering
TargetApplication.name=AWS_Access_Credential_Accounts is valid.
capam_command adminUserID=<user name> [adminPassword=<password>] [capam=<hostname>] cmdName=<command> [<parameter>=<value>]
You may refer User Interfaces section in CA_PAM_CM_Implementation_Guide.pdf for further example.
I don’t find these two files available on the support portal, Can someone provide me the same.
Unfortunately, the cliTool.jar was not released with CA PAM. This defect is being remedied for a future release.
I'll be back - I'm going to try to get the latest RemoteCLI.zip put up on the portal for CA use, until they get the release sorted out.
I don't see the cliTool.jar for the older version also in the Xceedium support portal. Could you upload it and give me some FTP link of CA to download this tool, I need it soon.
Please open a Support ticket to request this file, as we cannot provide product files in this Community.
CA Support Delivery Manager
LLUIS DOMENECH VILAR , I have a support ticket already, But have not got any help.
I've checked your ticket. We will release the cliTool.jar in a future release of our product. We will keep you informed through the Support ticket.
Retrieving data ...