topic Re: Facing certificate not found error while calling APi in Developers

Facing certificate not found error while calling APi

khandelwalanmol — Tue, 22 Mar 2022 12:31:13 GMT

I have been working on calling an API to fetch access token.

Here is my Http code

options set=SSL_USE_SNI="0" set=SSL_SNI_HOSTNAME="sandbox.bcda.cms.gov"  ;
proc http
   		url="https://sandbox.bcda.cms.gov/auth/token" AUTH_BASIC
   		WEBUSERNAME="&client_id."
   		WEBPASSWORD="&client_secret."
   		out=apitoken
   		method="POST";
 		
   		headers "Accept"="application/json";
	run;

Here is the error i have been getting.

ERROR: OpenSSL error 336134278 (0x14090086) occurred in SSL_connect/accept at line 5388, the error message is "error:14090086:SSL
routines:ssl3_get_server_certificate:certificate verify failed".
ERROR: Secure communications error status 807ff008 description "OpenSSL error 336134278 (0x14090086) occurred in SSL_connect/accept
at line 5388, the error message is "error:14090086:SSL routines:ssl3_get_server_certificate:certificate verify failed"."
ERROR: Encryption run-time execution error
ERROR: Call to tcpSockContinueSSL failed.

Any suggestions what could be the possible issue.

Re: Facing certificate not found error while calling APi

joeFurbee — Thu, 24 Mar 2022 19:51:32 GMT

Hi @khandelwalanmol,

Sorry for the delay. I just saw this question. Let me take a look in my environment and see if I can get it to work.

Re: Facing certificate not found error while calling APi

joeFurbee — Fri, 25 Mar 2022 15:36:45 GMT

Hi @khandelwalanmol,

I'm adding three code blocks to this, one for each grant_type: authorization code, client credentials, and password. You can read more about client registration and creating access tokens in my blog post Authentication to SAS Viya: a couple of approaches. All three grant types are covered in the post.

In your original code, I think you were attempting to use the password grant type. While the example I list below will work, please note that this is not secure and is being discouraged for use by the industry. Note that you must declare an authorization grant type when registering a client, so each of these code blocks would require a separate client id.

Authorization code

filename out TEMP;
proc http url="https://sasserver.sas.com/SASLogon/oauth/token#authorization_code" 
method="POST" 
in='client_id=sasclient&client_secret=sasclientecret&grant_type=authorization_code&code=Mkm63aVEun'
out=out;
headers "Accept"="application/json";
run;

%put The return code is: &SYS_PROCHTTP_STATUS_CODE.;

data _null_;
infile out;
input;
put _infile_;
run;

Values to update: url, client_id, client_secret, code

Client Credentials

code sample from this thread

filename resp temp;

/* must include content-type/CT= option */
proc http 
 url="https://serviceaddress/oauth/access_token"
 in='grant_type=client_credentials&client_id=XXXXXXXX&client_secret=YYYYYYYY' 
 ct="application/x-www-form-urlencoded"
 out=resp
 method='POST'
;
run;

Values to update: url, client_id, client_secret

Password

code sample from this thread

filename out TEMP;
proc http url="https://sasserver.sas.com/SASLogon/oauth/token#password" 
method="POST" 
auth_basic
Webusername="client_id"
webpassword="client_secret"
in='grant_type=password&username=viya_user&password=viya_password'
out=out;
headers "Accept"="application/json";
run;

%put return code is: &SYS_PROCHTTP_STATUS_CODE.;

data _null_;
infile out;
input;
put _infile_;
run;

Values to update: url, Webusername, Webpassword

Hope this helps,

Joe

Re: Facing certificate not found error while calling APi

AllanBowe — Fri, 25 Mar 2022 15:40:00 GMT

I didn't realise the OP was referring to Viya

But if so, there are some ready made macros in SASjs for client registration, authentication & refresh:

* https://core.sasjs.io/mv__registerclient_8sas.html

* https://core.sasjs.io/mv__tokenauth_8sas.html

* https://core.sasjs.io/mv__tokenrefresh_8sas.html

Re: Facing certificate not found error while calling APi

joeFurbee — Mon, 04 Apr 2022 00:53:28 GMT

Hi @khandelwalanmol,

I wanted to check if you were able to attempt the suggestions made in the replies to your post. If you have further issues, please let us know; otherwise, you can mark the thread as resolved.

Thanks,

Joe