Starting with 9.4M3, SAS ships an open source trusted Certificate Authority (CA) bundle and allows users to add site-signed or third-party signed certificates to it.  All applications with the exception of Java Web Start (JWS) applications use this trusted CA bundle.  This is done by default by the SAS Deployment Wizard, or as a post-deployment step via the SAS Deployment Manager.  JWS applications leverage user-supplied JREs, and SAS does not automate certificate management for them.  Users can copy the aforementioned certificate bundle (trustedcerts.jks) from a SAS machine which hosts one of the aforementioned applications into their JRE's lib/security directory with the name of jssecacerts, and the JWS applications will use it.

For more information on certificate management, you can consult the "Setting up Cetificates for SAS Deployment" in the SAS 9.4 Intelligence Platform: Installation and ....

Hi @Mark_sas,

thanks a lot for your feedback, very appreciated.

I personally think that the SAS software is starting to create a medium to create procedures and best practices regarding the certificates. I am using what you describe here for several months and it makes the life much easier. 

While we wait for additional progress and developments in this area, we still need to have some additional procedures for the certificates. Specially, the ones for JWS applications, which are being executed by the System/User JREs and not the Private JRE.

As this are he system/user JRE, I personally see dangerous to copy/paste the certificate stores, because you can lose all the others company/application certificates that are not SAS related. Besides, a computer can have several system and user JREs/JDKs versions. That actually the main reason because I am asking for best practices,procedures, best commands to execute this on an easy and procedural way.

Is there anything else as an addition to the information you mentioned?