Imprivata Privileged Access Management Product Update 2.3.202105302246

May 30, 2021

PAM Update: Added PKCS#8 private key format support for SSH connections, added SSL support for SQL Proxy beta connections

This update adds SSL support for SQL Proxy beta connections and PKCS#8 private key support for WEB and Proxy SSH sessions and job executions.

Added SSL support for SQL Proxy beta connections

The update adds support to accept SSL connections from native Oracle clients as well as support for connections to destination Oracle RDBMS end-points using SSL connections.

The option allows securing Oracle RDBMS traffic from the native client to SQL Proxy to the destination Oracle RDBMS instance.

In addition, the option allows exposing non-SSL traffic from several RDBMS instances to outside clients through an SSL-enabled channel.

To enable SSL for the Oracle connection, include (protocol=tcps) in the address specification of the connection string.

To establish trust between native clients and SQL Proxy, import the public proxy certificate found in $PAM_HOME/content/keys/certificate_rdp.cer into the native client key store.

For example, configuration for SQL Developer might include the following procedure:

keytool -importcert -trustcacerts -file certificate_rdp.cer -keystore chain.jks

AddVMOption -Djavax.net.ssl.trustStore=$STORE_PATH/chain.jks
AddVMOption -Djavax.net.ssl.trustStoreType=JKS
AddVMOption -Djavax.net.ssl.trustStorePassword=changeit

 

Added PKCS#8 private key format support for SSH connections

The update adds support to accept PKCS#8 private key format when establishing connections to remote SSH end-points.

This option simplifies the process of on-boarding assets by supporting more key formats without the requirement to convert them to more popular ones.

Note that password-encrypted PKCS#8 keys still need to be converted to other supported formats before on-boarding them into the system records.

After this update, the system supports the PEM RSA, PEM OPENSSH, PPK and PKCS#8 private key formats when establishing WEB SSH sessions, SSH Proxy sessions, or executing jobs on remote servers using both the SSH Remote and Interactive SSH execution strategies with either the JSCH or SSHD drivers.
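A pre-onboarding check for the key formats listed above, as an added example (not Imprivata's code): it classifies a private key file and flags password-encrypted PKCS#8 keys, which the note says must be converted first. The function names and the sample DER bytes are constructed for illustration, and the check reads the DER structure rather than relying on the PEM label alone.

```python
import base64
import re

PEM_RE = re.compile(r"-----BEGIN ([A-Z0-9 ]+)-----(.*?)-----END \1-----", re.S)
# PEM labels for two of the formats the update note lists (PPK is not PEM).
PEM_FORMATS = {"RSA PRIVATE KEY": "PEM RSA", "OPENSSH PRIVATE KEY": "PEM OPENSSH"}

def first_inner_tag(der):
    """Tag of the first element inside the outer DER SEQUENCE, or None."""
    if len(der) < 3 or der[0] != 0x30:
        return None
    # Short-form length is one byte; long form adds (der[1] & 0x7F) more bytes.
    offset = 2 + (der[1] & 0x7F if der[1] & 0x80 else 0)
    return der[offset] if offset < len(der) else None

def classify_key(text):
    """Return (format, ready); ready=False means convert before on-boarding."""
    if text.lstrip().startswith("PuTTY-User-Key-File-"):
        return ("PPK", True)
    m = PEM_RE.search(text)
    if not m:
        return ("unknown", False)
    label, body = m.group(1), m.group(2)
    if label in PEM_FORMATS:
        return (PEM_FORMATS[label], True)
    if label not in ("PRIVATE KEY", "ENCRYPTED PRIVATE KEY"):
        return ("unknown", False)
    try:
        der = base64.b64decode("".join(body.split()), validate=True)
    except ValueError:
        return ("unknown", False)
    # PrivateKeyInfo opens with INTEGER version (0x02); EncryptedPrivateKeyInfo
    # opens with an AlgorithmIdentifier SEQUENCE (0x30). Trust the DER, not the label.
    tag = first_inner_tag(der)
    if tag == 0x02 and label == "PRIVATE KEY":
        return ("PKCS#8", True)
    if tag == 0x30:
        return ("PKCS#8 (password encrypted)", False)
    return ("unknown", False)

def pem(label, der):
    """Wrap DER bytes in PEM armor (helper for the constructed samples)."""
    b64 = base64.b64encode(der).decode()
    return f"-----BEGIN {label}-----\n{b64}\n-----END {label}-----\n"

# Constructed DER skeletons (not real keys), just enough structure to classify.
PLAIN_DER = bytes.fromhex("300b0201003003060100040100")
ENC_DER = bytes.fromhex("300a30030601000403000000")
```

Calling `classify_key(pem("PRIVATE KEY", ENC_DER))` shows the mislabelled case: the armor claims an unencrypted key, but the DER is an encrypted structure, so it is reported as needing conversion.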