Symantec Privileged Access Management

  • Private Community

  • 1.  Tech Tip:  PAM Requires Base64

    Posted Mar 09, 2018 03:23 PM

    A customer recently opened a ticket related to problems loading a certificate into PAM.  When examining the certificate we saw unprintable characters.  In discussing this with Engineering I was informed that the certificate looked that way because it encoded in binary form DER. The Certificate Authority (CA) certificate imported into CA PAM is required to be in Base64 encoded format. If the CA generated something else then the certificate must be converted to Base64. One way is to use a tool like OpenSSL to do the conversion.  I do not have the details for performing such a conversion.  Please consult with you OpenSSL expert.



  • 2.  Re: Tech Tip:  PAM Requires Base64

    Broadcom Employee
    Posted Mar 12, 2018 06:24 AM

    To convert a certificate from DER (Binary) to PEM (ASCII - base64) format:

      openssl x509 -in cert.der -inform DER -out cert.pem  -outform PEM



  • 3.  Re: Tech Tip:  PAM Requires Base64

    Broadcom Employee
    Posted Mar 13, 2018 05:43 AM

    And if for some reason you don't have access to Open SSL, another easy way in Windows is to simply double-click the certificate to open it (assuming it ends in .cer, .crt or .der). Go to the "details" tab and select "copy to file". When copying, you can save as base64-encoded.