Symantec Privileged Access Management

I am tried to certified CA PAM browser certified.

For that i upload the certificated its show this error what happened

You only uploaded a certificate.

If you want to use it for https or signing anything you will need to upload a key pair(private key + certificate).

PKCS12 is what you might be trying to do.

Did you upload the private key too? Then you need to ensure the filename matches.

You can refer to the following KB.

PAM and Server Certificate - CA Knowledge 

As you send the step i do like that again its getting problem ???

what to do please suggested me.

Hi, Sudipkarma.

If you have followed the KB and if you are still having same error PAM-CM-0195 then I think you are doing something wrong.

Please open a support ticket and provide screenshot of your steps or have webex session to demonstrate your problem.

Thanks

Kim

Hi Sung Hoon Kim

Thank you,

Ya its helpful we uploaded successfully but while verified its getting problem which you don't  mention in the steps 

so its need to be verifiy or not ???????

The certificate import steps are pretty straight forward but there can be {file} naming issue when you import.

For example, if you specify the target filename as "abc.cer" then it will be imported as "abc.cer.crt"

And if your private key filename is "abc.pem" then PAM will not be able to find the matching key/cert to make up a key pair.

When you import, you should only specify only the {name} part in the target filename and do not set the extension because PAM will be adding it.

In the above sample, if your private key file appears as "abc.pem" then you should set the *target filename* for the certificate to be "abc" only so PAM can find the matching private key file.

It is mentioned in the KB but if you are not able to get past that then you can open a support ticket and we can take a look.

If you are able to post your screenshots of your steps and filenames here, I can advice you too.

Regards,

Kim

Can you provide a screenshot of your configuration same as my screenshot in the KB?

You can see from above screenshot that my Private Key appears as "pam323.key"

In that case, I must import the certificate and specify the *Destination Filename* as "pam323" 

1. Type: Certificate
2. Other Options: X509
3. Filename: pam323.cer
4. Destination Filename: pam323
5. UPLOAD

Then PAM can find the matching filename to make up a keypair.

You can see the key and crt both have same name {pam323}.

Thank you,

Now i understand but i occurs now new error 

For missing key i raise the case which case number is 01347057 and which now solve but please help me for this error???

Hi, Sudipkarma.

It would be good to start a new thread for your new error message otherwise this thread will grow limitlessly and the information will be lost in multiple issues.

Hi,

Please can you suggest to resole this problem.

because we need to resolved this as quick due to we already go live.

Hi, Did you import the Certificate Chain?

my pam323 certificate is issued by the "test-root-ca" certificate.

As you can see below, I have imported that under "CA Bundles".

Ya same think i configure and i find the issued occurs now its resolved the Issued so thank you for your time and the your valid information   

Hi, Sudipkarma

Glad to know the other error is also resolved.

Please make sure you open separate threads for different error messages in the future otherwise people searching for specific error message may not be able to find the solution although it may already be available because they are all mixed in a single thread.

Hope you would understand.

Cheers

Kim

Hi,

So i should share the step what i done for resolve the issue?

Yes, that would greatly be appreciated.

Yes Sure.

You can refer to the following KB.

PAM and Server Certificate - CA Knowledge 

This document is very good.

In this you need to remember certain thing.

1. For this issued (PAM-CM-0195: the key file for the certificate is missing )

follow above document and mostly this steps

You can see from above screenshot that my Private Key appears as "pam323.key"

In that case, I must import the certificate and specify the *Destination Filename* as "pam323" 

1. Type: Certificate
2. Other Options: X509
3. Filename: pam323.cer
4. Destination Filename: pam323
5. UPLOAD

Then PAM can find the matching filename to make up a keypair.

You can see the key and crt both have same name {pam323}.

2. another problem is (Error: PAM-CM-0201:verification Error RSA )
For this while you download the pam323.pem file that time you have to download with the put password in password field and also

upload time also put same password the its resolved the problem this problem.

For Solving this issued i like to thanks Sung Hoon Kim .