Architecting, installing and maintaining your SAS environment

Enable HTTPS for SAS Environment Manager

Reply
Regular Contributor
Posts: 211

Enable HTTPS for SAS Environment Manager

Hi team,

 

I'm trying to enable HTTPS for SAS Environment Manager 9.4M4 with a third-party (Entrust) signed certificate.

 

I have done the following to no avail....

 

http://support.sas.com/kb/56/465.html

http://support.sas.com/kb/56/451.html

http://support.sas.com/kb/56/600.html

 

Followed the post-install steps in the SAS Environment Manager Admin Guide

 

Created a keystore with the CA root, intermediaries and server certificate.

 

 

If I go to the EM console, Chrome complains that it can't validate the site. However, I've also implemented TLS on all the web apps on this same installation and they work 100%, so this is isolated to Environment Manager. Under HTTP I could connect 100% to the console.

 

Any ideas ?

 

Trusted Advisor
Posts: 1,424

Re: Enable HTTPS for SAS Environment Manager

Hello @nhvdwalt,

 

have you included the certificates in the Chrome certificate store?

is it working OK for IE or Firefox?

when it does not validate the site, can you still go through by accepting you go to an insecure site?

Regular Contributor
Posts: 211

Re: Enable HTTPS for SAS Environment Manager

Posted in reply to JuanS_OCS

Hi @JuanS_OCS

 

Yes, I have imported the certs into Chrome. Other https URLs on the same mid tier e.g. VA Hub works 100%.

 

Haven't tried with other browsers yet.

 

Yes, I can click through and go to an 'unsecure' site.

 

I'm just thinking now....The only difference between the EV and the Web Server setup, is that the EV config has a different private key, since it's generates a new private key when you create the keystore. It's the same server and server cert, but different private key.

 

Could this maybe be the problem ? i.e. mismatch between the private key and the server cert.

 

If so, is it possible to use the private key from the Web Server config for EV ? Ultimately I want to use the same server cert I used for the Web Server.

 

Thanks,

Trusted Advisor
Posts: 1,424

Re: Enable HTTPS for SAS Environment Manager

[ Edited ]

Hello @nhvdwalt,

 

I think you are on the right track. have you already tried it? Do not forget to make copies/backups of modified files. Smiley Wink

Regular Contributor
Posts: 211

Re: Enable HTTPS for SAS Environment Manager

Posted in reply to JuanS_OCS

Hi @JuanS_OCS

 

This morning I obtained a third-party (Entrust) signed certificate for the server and imported all the certs into a new EV keystore, but the problem remains. So that rules out the private key theory..

 

Btw....I get the same error in Chrome, FireFox and Edge.

 

If I expand the error in Chrome, it shows the certificate. The issuer of the certificate is listed as my server, so it appears to be the self signed certificate. But I don't understand how since EV is pointing to the new keystore that only contains the new thirdparty certs. It's as if EV is providing the self signed certificate and not the new ones.

 

Any ideas ?

Regular Contributor
Posts: 211

Re: Enable HTTPS for SAS Environment Manager

Posted in reply to JuanS_OCS

Hi @JuanS_OCS

 

Just an update on this one....

 

I have opened a Track with Tech Support and we are still investigating. From the analysis so far, it seems like the error in Chrome is caused by Environment Manager using the self-signed certificate instead of the third party certificate. It's weird because all locations have been updated with the third party certificate, so there should be no trace of the self signed one, but for some reason EV is not using the third party one.

 

Will keep the forum posted...

Ask a Question
Discussion stats
  • 5 replies
  • 149 views
  • 2 likes
  • 2 in conversation