ITAM cannot connect to ITPAM over SSL

Document ID : KB000046920
Last Modified Date : 14/02/2018

Problem:

When ITAM is integrated with an ITPAM instance configured for SSL, the following error appears in EventService.log:


"The underlying connection was closed: Could not establish trust relationship for the SSL/TLS secure channel."

Cause:

The ITPAM certificate has not been registered in the Trusted Root Certification Authorities store of the ITAM server at the Local Computer level.

Solution:

1- Follow the instructions on the page below to reconfigure ITPAM with a new certificate.
IMPORTANT: when creating the certificate you will be asked "What is your first and last name?". This is where you should type the ITPAM machine name (this value becomes the certificate's Common Name).
https://docops.ca.com/ca-process-automation/4-3/en/administrating/overview-for-administrators/maintain-the-domain/manage-certificates/create-and-implement-a-self-signed-certificate

2- After PAM is configured with the certificate, access PAM from the ITAM machine using Internet Explorer. Accept the Certificate Error warning, click on the padlock near the address bar, click View Certificate, click Install Certificate, select 'Local Machine', click Next, select 'Place all certificates in the following store', click Browse, select 'Trusted Root Certification Authorities', click OK, Next, Finish.

3- Using the Microsoft Management Console (mmc) Certificates snap-in, check that the ITPAM certificate has been registered for the Local Computer and not only for the connected user.


If you don't find the certificate in Trusted Root Certification Authorities of the Local Computer, copy it from Current User into Local Computer.

4- Run the iisreset command on the ITAM machine and restart the Event Service.

5- Test connection to PAM in ITAM by creating a new event.
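
The check in step 3 can also be done from an elevated PowerShell prompt on the ITAM server. This is an added example, not part of the original article: the host name `itpam-host.example.com` is a placeholder for the ITPAM machine name entered when the certificate was created, and `Find-PamCert` is a hypothetical helper.

```powershell
# Added example (not from the original KB article). Run elevated on the ITAM server.
# Assumption: placeholder host name; replace with the ITPAM machine name typed
# at the "What is your first and last name?" prompt.
$PamHost = 'itpam-host.example.com'

function Find-PamCert {
    param([string]$StorePath, [string]$HostName)
    # Select certificates whose subject simple name (normally the CN) is the ITPAM host.
    $nameType = [System.Security.Cryptography.X509Certificates.X509NameType]::SimpleName
    Get-ChildItem -Path $StorePath |
        Where-Object { $_.GetNameInfo($nameType, $false) -eq $HostName }
}

$machine = @(Find-PamCert -StorePath 'Cert:\LocalMachine\Root' -HostName $PamHost)
$user    = @(Find-PamCert -StorePath 'Cert:\CurrentUser\Root'  -HostName $PamHost)

if ($machine.Count -gt 0) {
    # Already trusted at Local Computer level. Show the thumbprint so it can be
    # compared with the certificate generated on the ITPAM server.
    $machine | Format-List Subject, Issuer, Thumbprint, NotBefore, NotAfter
    $machine | Where-Object { $_.NotAfter -lt (Get-Date) } |
        ForEach-Object { Write-Warning "Certificate $($_.Thumbprint) has expired." }
}
elseif ($user.Count -gt 0) {
    # Installed for the connected user only: copy it to the Local Computer store,
    # which is the store the cause section says ITAM needs.
    $store = New-Object System.Security.Cryptography.X509Certificates.X509Store('Root', 'LocalMachine')
    $store.Open('ReadWrite')
    try {
        foreach ($cert in $user) {
            Write-Output "Copying $($cert.Subject) [$($cert.Thumbprint)] to LocalMachine\Root"
            $store.Add($cert)
        }
    }
    finally {
        $store.Close()
    }
}
else {
    Write-Warning "No certificate with subject name '$PamHost' found in either Root store."
}
```

If no certificate is found although step 2 was completed, the name entered when the certificate was created probably differs from the host name used here. After a copy, continue with step 4.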