New verified Certificate cannot be set in PAM

Document ID : KB000100266
Last Modified Date : 08/06/2018
Show Technical Document Details
Issue:
I have uploaded/imported Root Certificate, CRL (Certificate Revocation List) files, Intermediate Certificate and the Server Certificate with Private Key file. I can verify the new uploaded Certificate with Private Key file without error by clicking the [Verify Certificate] button, i.e. “<crt filename> has been verified” message was displayed. I have clicked the [Accept Certificate] button to set the new Certificate and PAM was rebooted. However, PAM still uses the default gkcert Certificate after reboot.
Environment:
2.8.3
Cause:
There is space character in the Certificate with Private Key file's filename.
Resolution:
This problem won't happen in PAM version 3.0.x, 3.1.x or 3.2.x or later. This problem won't happen either if you only upload Certificate file (without Private Key). If you have a Private Key in PAM and only upload a Certificate file which matches the Private Key, the filename of the Certificate file has to match the filename of the Private Key file.

If you are running PAM 2.8.3.x or older version and affected by this issue, do below steps to resolve.

1. Rename your Server Certificate with Private Key file's filename so it doesn't contain any space character.

2. Go to Config > Security > "Download Certificate or CSR", delete the existing previously uploaded Certificate

3. Go to "Upload Certificate or Private Key" section, select "Certificate with Private Key" type and upload the amended Certificate file.

4. Go to "Set Certificate" section, select the newly uploaded Certificate and click [Verify Certificate] and make sure verification works. And then click [Accept Certificate] and reboot.

5. After reboot please verify if the new Certificate is set.
Additional Information:
Refer CA PAM Certificates Configuration online documentation too.