Symantec Privileged Access Management

  • 1.  VIP Certificate Issue

    Posted Jul 16, 2019 12:01 AM
    Certificates have been installed on the primary and secondary PAM servers for HA. When we log in to an individual server (pampri.ncell.axiata.com or pamsec.ncell.axiata.com), there is no certificate issue. But we use pam.ncell.axiata.com, which sends requests to either the primary or the secondary server. When we use pam.ncell.axiata.com, there is a certificate issue. How do we resolve it? pam.ncell.axiata.com is pointed to a virtual IP.

    ------------------------------
    Network and security Engineer technical associative
    Cas Trading House
    ------------------------------


  • 2.  RE: VIP Certificate Issue
    Best Answer

    Broadcom Employee
    Posted Jul 16, 2019 12:47 AM

    Hello Sudip,

    Please see the documentation:

    https://docops.ca.com/ca-privileged-access-manager/3-3/EN/implementing/configuring-your-server/configure-security-settings/create-a-self-signed-certificate-or-a-certificate-signing-request/request-certificates-for-a-cluster

    For the Certificate Signing Request or Certificate generator in PAM itself put:

    ...

    Alternative Subject Names: Enter the FQDN and IP address for the VIP and every member of the cluster. Any hostname or short VIP name that is used to access the cluster should also be added. If more than one address is used to access the appliance, list FQDN and IP address aliases to the Common Name, one to a line. This list must include the Common Name. Do not add a newline (line feed) after the last entry. Refer to the X.509 Subject Alternative Name.

    ...

    Best Regards,

    Andreas Müller
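
The check below is an added example, not part of the thread or of any Broadcom tooling: it compares the names clients actually use against a certificate's Subject Alternative Name entries and builds the one-per-line list the quoted documentation asks for. The hostnames come from the question; the IP addresses, the node-only SAN, and the choice of the VIP name as Common Name are assumptions made for illustration.

```python
import ipaddress

def is_ip(value):
    try:
        ipaddress.ip_address(value)
        return True
    except ValueError:
        return False

def dns_matches(pattern, host):
    """Match a DNS SAN entry; '*' counts only as the entire left-most label."""
    p = pattern.lower().rstrip(".").split(".")
    h = host.lower().rstrip(".").split(".")
    if len(p) != len(h):
        return False
    return p[1:] == h[1:] and (p[0] == h[0] or (p[0] == "*" and len(p) > 2))

def uncovered(access_names, san):
    """Names/IPs clients use that no SAN entry covers.
    `san` has the shape of 'subjectAltName' in ssl.SSLSocket.getpeercert()."""
    missing = []
    for name in access_names:
        if is_ip(name):
            ok = any(kind == "IP Address" and is_ip(v)
                     and ipaddress.ip_address(v) == ipaddress.ip_address(name)
                     for kind, v in san)
        else:
            ok = any(kind == "DNS" and dns_matches(v, name) for kind, v in san)
        if not ok:
            missing.append(name)
    return missing

def san_field(common_name, others):
    """One entry per line, Common Name included, no newline after the last."""
    return "\n".join(dict.fromkeys([common_name, *others]))

# Hostnames are from the thread; the IP addresses are constructed (RFC 5737).
VIP = "pam.ncell.axiata.com"
ACCESS = [VIP, "pampri.ncell.axiata.com", "pamsec.ncell.axiata.com",
          "192.0.2.10", "192.0.2.11", "192.0.2.12"]
# Constructed SAN of a certificate issued for the primary node only.
NODE_ONLY_SAN = (("DNS", "pampri.ncell.axiata.com"), ("IP Address", "192.0.2.11"))
CLUSTER_SAN = tuple(("IP Address" if is_ip(e) else "DNS", e) for e in ACCESS)

if __name__ == "__main__":
    print("node-only cert misses:", uncovered(ACCESS, NODE_ONLY_SAN))
    print("cluster cert misses:", uncovered(ACCESS, CLUSTER_SAN))
    print(san_field(VIP, ACCESS))
```

A certificate that `uncovered` reports as missing the VIP name will validate on the node it was issued for and fail when the same node answers behind the VIP.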