topic SAS Viya 4 on AWS login fails with sas-viya cli in Administration and Deployment

SAS Viya 4 on AWS login fails with sas-viya cli

thesasuser — Thu, 28 Mar 2024 15:52:25 GMT

Hello
I am new to SAS Viya 4. I am trying to login using sas-viya cli. The error is

tls: failed to verify certificate: x509: certificate signed by unknown authority
Login failed due to an error with the security certificate. The certificate is signed by an unknown authority. Run with the '--verbose' global option to see additional details.

I have followed the instructions at https://documentation.sas.com/doc/sv/sasadmincdc/v_045/calcli/n1e2dehluji7jon1gk69yggc6i28.htm to generate the trustedcerts.pem.

Could someone enlighten on this?

Re: SAS Viya 4 on AWS login fails with sas-viya cli

SASKiwi — Thu, 28 Mar 2024 22:45:58 GMT

In my experience, renewing security certificates is tricky at the best of times. You will make faster progress via a Tech Support track if you haven't opened one already. There are likely to be very few Community users with firsthand experience of Viya 4 security certificates.

Re: SAS Viya 4 on AWS login fails with sas-viya cli

gwootton — Fri, 29 Mar 2024 14:26:10 GMT

The steps in the documentation linked copy the trustedcerts.pem file from a pod onto the machine where you are running sas-viya.
kubectl -n name-of-namespace cp $(kubectl get pod -n name-of-namespace | grep "sas-logon-app" | head -1 |
awk -F" " '{print $1}'):security/trustedcerts.pem /tmp/trustedcerts.pem

You then set the SSL_CERT_FILE environment variable to point to that file:
export SSL_CERT_FILE=/tmp/trustedcerts.pem

After doing that, you should not get an error that the certificate is untrusted unless the CA certificate used to issue the ingress certificate was not added to the trusted CA certificates, so does not exist in trustedcerts.pem.