https://communities.sas.com/t5/Administration-and-Deployment/SAS-server-certificate-JKS-file-not-getting-updated-with-server/m-p/883736#M26877 <UL><LI>The Java Key story file<FONT color="#000000"> (trustedcerts.jks.)</FONT> does not have the current server certificate details updated.</LI><LI>The java Key store file <FONT color="#000000">(trustedcerts.jks.)</FONT> just updated with current date of apply but NOT the server certificate which we have applied and we could see the previous year of apply in 2019 &amp; 2021. Example as below:</LI></UL><P>Alias name: cn=xxxx,ou=xxxx,o=xxx,c=xxxx<BR /><FONT color="#000000">Creation date: jul 5, 2023 (This part only updated)</FONT><BR />Entry type: trustedCertEntry</P><P>Owner: xxxx, OU=xxxx, O=xxxx, C=xxx<BR />Issuer: CN=xxx, OU=xxx, O=xxx, C=xxx<BR /><FONT color="#000000">Valid from: Mon Oct 03 02:00:01 CEST 2016 until: Fri Oct 03 01:59:59 CEST 2036</FONT><BR /><BR /></P><P>We have <STRONG>Not applied the Root &amp; Intermediate certificate as it is getting expired in 2036</STRONG> so we didn’t apply it and please find the high level of steps which we have followed.</P><P>&nbsp;</P><OL><LI>Created the Key &amp; CSR file.</LI><LI>Stopped the SAS server and took the required back up.</LI><LI>Remove existing certificates using Deployment Manager (xxxxx-mid1.xxxx.xxx.cer)</LI><LI>From p7b file extracted the server certificate (xxxxx-mid1.xxxx.xxx.cer) alone and <STRONG>NOT the Root &amp; Intermediate</STRONG>.( Location : /opt/sas/SASInstallFolder/<STRONG>SASSecurityCertificateFramework/1.1/cacerts</STRONG>/)</LI><LI>Adding new certificates via the Deployment Manager . update in the above location.</LI><LI>Verified and in the browser and also in the openssl x509 -in xxxx-mid1.xx.xx-noout -text. the <FONT color="#000000"><STRONG>Valid from changed to 2025.</STRONG></FONT></LI></OL><P>&nbsp;</P><P><FONT color="#000000"><STRONG>Don't know why it is not updating in the&nbsp;trustedcerts.jks.</STRONG></FONT></P><P><FONT color="#000000"><STRONG>trustedcerts.pem - it as the details of root and intermediate.&nbsp;</STRONG></FONT></P><P>&nbsp;</P><P>&nbsp;</P><P>&nbsp;</P><P>&nbsp;</P> Thu, 06 Jul 2023 14:26:54 GMT MuraliKrishnan5 2023-07-06T14:26:54Z https://communities.sas.com/t5/Administration-and-Deployment/SAS-server-certificate-JKS-file-not-getting-updated-with-server/m-p/883736#M26877 <UL><LI>The Java Key story file<FONT color="#000000"> (trustedcerts.jks.)</FONT> does not have the current server certificate details updated.</LI><LI>The java Key store file <FONT color="#000000">(trustedcerts.jks.)</FONT> just updated with current date of apply but NOT the server certificate which we have applied and we could see the previous year of apply in 2019 &amp; 2021. Example as below:</LI></UL><P>Alias name: cn=xxxx,ou=xxxx,o=xxx,c=xxxx<BR /><FONT color="#000000">Creation date: jul 5, 2023 (This part only updated)</FONT><BR />Entry type: trustedCertEntry</P><P>Owner: xxxx, OU=xxxx, O=xxxx, C=xxx<BR />Issuer: CN=xxx, OU=xxx, O=xxx, C=xxx<BR /><FONT color="#000000">Valid from: Mon Oct 03 02:00:01 CEST 2016 until: Fri Oct 03 01:59:59 CEST 2036</FONT><BR /><BR /></P><P>We have <STRONG>Not applied the Root &amp; Intermediate certificate as it is getting expired in 2036</STRONG> so we didn’t apply it and please find the high level of steps which we have followed.</P><P>&nbsp;</P><OL><LI>Created the Key &amp; CSR file.</LI><LI>Stopped the SAS server and took the required back up.</LI><LI>Remove existing certificates using Deployment Manager (xxxxx-mid1.xxxx.xxx.cer)</LI><LI>From p7b file extracted the server certificate (xxxxx-mid1.xxxx.xxx.cer) alone and <STRONG>NOT the Root &amp; Intermediate</STRONG>.( Location : /opt/sas/SASInstallFolder/<STRONG>SASSecurityCertificateFramework/1.1/cacerts</STRONG>/)</LI><LI>Adding new certificates via the Deployment Manager . update in the above location.</LI><LI>Verified and in the browser and also in the openssl x509 -in xxxx-mid1.xx.xx-noout -text. the <FONT color="#000000"><STRONG>Valid from changed to 2025.</STRONG></FONT></LI></OL><P>&nbsp;</P><P><FONT color="#000000"><STRONG>Don't know why it is not updating in the&nbsp;trustedcerts.jks.</STRONG></FONT></P><P><FONT color="#000000"><STRONG>trustedcerts.pem - it as the details of root and intermediate.&nbsp;</STRONG></FONT></P><P>&nbsp;</P><P>&nbsp;</P><P>&nbsp;</P><P>&nbsp;</P> Thu, 06 Jul 2023 14:26:54 GMT https://communities.sas.com/t5/Administration-and-Deployment/SAS-server-certificate-JKS-file-not-getting-updated-with-server/m-p/883736#M26877 MuraliKrishnan5 2023-07-06T14:26:54Z https://communities.sas.com/t5/Administration-and-Deployment/SAS-server-certificate-JKS-file-not-getting-updated-with-server/m-p/883740#M26878 If the certificate isn't self-signed, you would not need to add the server certificate to the trust store (trustedcerts.pem/jks), only it's issuing certificates (the intermediate and root), as the server certificate is provided by the server. <BR /><BR />The certificate and key for the server is stored in those individual files and referenced by the SAS Web Server configuration file. There are additional steps to provide the certificate and key to Environment Manager.<BR /><BR />Update the Key and Certificate That Are Used by SAS Web Server<BR /><A href="https://go.documentation.sas.com/doc/en/bicdc/9.4/bimtag/p0fwmiy0dasb5nn18fwx1x9mn2ub.htm" target="_blank">https://go.documentation.sas.com/doc/en/bicdc/9.4/bimtag/p0fwmiy0dasb5nn18fwx1x9mn2ub.htm</A><BR /><BR />Update Certificates for SAS Environment Manager<BR /><A href="https://go.documentation.sas.com/doc/en/bicdc/9.4/bimtag/p1fpnnm9hxkhlzn1x5tkqs1caeg5.htm#p0noalwfbhga1sn1grrrq6tls37m" target="_blank">https://go.documentation.sas.com/doc/en/bicdc/9.4/bimtag/p1fpnnm9hxkhlzn1x5tkqs1caeg5.htm#p0noalwfbhga1sn1grrrq6tls37m</A> Thu, 06 Jul 2023 14:40:05 GMT https://communities.sas.com/t5/Administration-and-Deployment/SAS-server-certificate-JKS-file-not-getting-updated-with-server/m-p/883740#M26878 gwootton 2023-07-06T14:40:05Z