Hello,
I have recieved three certificates root, intermediate and the server certificate to apply in the Linux server.
How do i verify the validity/correctness of the existing certificate, before applying new certificates?
Thanks,
Mushy
@gwootton Thanks for the guidance!
@gwootton , could you please help with steps how we can apply this certificates ?
Similar issue. Do we know what mechanism SAS Deployment Manager uses to validate .pem files ? We have added a new root certificate but the intermediate chain.pem and .pem files are being rejected as not Base-64.
No validation details are being written to %SASHOME%\InstallMisc\InstallLogs\certframe_wx6_certadd_2024-12-09-13.45.29.log
Both certutil.exe -verify and openssl.exe rsa -modulus are accepting the format but not sasdm.exe. Waiting to hear from SAS TS.
I think the documentation at SAS Help Center: Manage Certificates in the Trusted CA Bundle Using the SAS Deployment Manager could be improved with Greg's approach.
Good call. The .pem files have additional text from the creation tool:
Bag Attributes
localKeyID: 90 4D C7 DB 9F 31 E5 4D B6 99 2F E3 BA A8 17 3B 44 28 6A 0E
.
.
.
-----BEGIN CERTIFICATE-----
Not completely invalid as certutil.exe can read it :
certutil -verify "C:\temp\xxx.pem"
Returns 'CertUtil: -verify command completed successfully.'
Some manual editing is needed and I will ask for a specific format next time.
I ran into this exact problem myself. Since I knew I had a valid certificate as it was working in SAS web apps, I just exported the certificate out of the MS Edge browser using the Certificate Viewer and applied it successfully in Deployment Manager. That workaround was provided by Tech Support.
Another mystery.
Where is SAS Usage Note 57370. 2016. “Downloading, installing, and using the TLS/SSL Diagnostic Tool for SAS® 9.4.” Available at http://support.sas.com/kb/57/370.html ?
It is the last reference from Stuart Rogers' definitive 2016 paper Tips and Techniques for Using Site-Signed HTTPS with SAS® 9.4 : Paper Template
Could it be referencing keytool.exe or openssl.exe?
Thanks Greg. From your description, this approach should give similar details :
The SAS Users Group for Administrators (SUGA) is open to all SAS administrators and architects who install, update, manage or maintain a SAS deployment.
SAS technical trainer Erin Winters shows you how to explore assets, create new data discovery agents, schedule data discovery agents, and much more.
Find more tutorials on the SAS Users YouTube channel.