Architecting, installing and maintaining your SAS environment

HTTPS ERROR After Server Reboot

Frequent Contributor
Posts: 126

HTTPS ERROR After Server Reboot

We recently rebooted the Linux server, and since then we are getting the error below in the Chrome browser when opening the SAS portal:

https://sasxxxxxxxxxxxxxxxx/ Peer’s Certificate issuer is not recognized. HTTP Strict Transport Security: false HTTP Public Key Pinning: false Certificate chain:

 

-----BEGIN CERTIFICATE-----

zzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzz

zzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzz

= -----END CERTIFICATE----- 

 

Before the reboot, we were able to open the SAS VA portal with HTTPS security.

Trusted Advisor
Posts: 1,141

Re: HTTPS ERROR After Server Reboot

Hello @japsas100,

 

I think that the configuration of the certificate chain, or the certificate chain file (or one of its dependent certificates), has been modified since the last SAS Web Server service restart (or server reboot).

I would check that part with all the SAS services stopped, only stopping and starting the SAS Web Server (the script is in /Lev1/Web/WebServer/bin/). You will need to check the integrity of conf/extras/httpd-ssl.cfg and the certificate files in the ssl directory.

After each SAS Web Server restart, try to connect with a web browser to the URL ( https://sasxxxxxxxxxxxxxxxx/ ).

Once you are ready here, and the web browser can fully validate the certificates (server's, intermediates and CA) and their chain, I would import the certificates into the SAS PrivateJRE (just to be sure) before starting all the SAS services.

Of course, you can do the import with the SAS Deployment Manager, on each server of your SAS deployment and each client using SMC, in the right order. Or, if you are used to it, just with the keytool command from the SASPrivateJRE.

Frequent Contributor
Posts: 126

Re: HTTPS ERROR After Server Reboot

Thanks for the reply.

I already checked with the IT team; they never modified any certificate. There is no issue when I open the portal on old browsers like Internet Explorer and Chrome, because I was using these browsers before the reboot.

But when I open a page on new machines with Chrome or Internet browsers after the reboot, it throws the same certificate error as I highlighted in the last track.

Please advise.

Trusted Advisor
Posts: 1,141

Re: HTTPS ERROR After Server Reboot

Oh, shoot, wait.

Now I remember. You are working with some virtualized clients such as Citrix or M-AppV, right?

So my new understanding is that this problem only happens on some browsers, but it is fine on others. Is this correct? Otherwise, I cannot understand very well, sorry.

Frequent Contributor
Posts: 126

Re: HTTPS ERROR After Server Reboot

Yes, this problem happens only on new browsers which I am using after the reboot. I am using Citrix and the local network when I am in the office.

Trusted Advisor
Posts: 1,141

Re: HTTPS ERROR After Server Reboot

New browsers probably also means new Citrix servers (different ones). This would require importing the certificates (the full chain) into the new Windows Citrix servers of the cluster, and into the Chrome private certificate store (something new from the new version of Chrome).

Frequent Contributor
Posts: 126

Re: HTTPS ERROR After Server Reboot

Yes, this is correct.

Trusted Advisor
Posts: 1,141

Re: HTTPS ERROR After Server Reboot

So this is what you need to prepare and instruct the Citrix admins to do: import the server certificates (ensure that the CA root and CA intermediates are there, and then import the server certificate).

I understand this is not a mystery to you or to them, but if you need instructions please let me know.

Frequent Contributor
Posts: 126

Re: HTTPS ERROR After Server Reboot

Hi, I do not understand completely. Could you please explain in detail? Is there any action that needs to be performed from the SAS end?

Trusted Advisor
Posts: 1,141

Re: HTTPS ERROR After Server Reboot

If it works OK on some web browsers (Citrix servers), but on the new ones it does not work, it is not a SAS-related issue, it is just an SSL certificates one.

They will now focus on importing the CA, intermediate and server certs into the appropriate certificate stores: Windows (or IE) and Chrome.

For the first:

http://support.sas.com/documentation/cdl/en/secref/69831/HTML/default/viewer.htm#p1g2v5c010q6gyn1fi8...

http://support.sas.com/documentation/cdl/en/secref/69831/HTML/default/viewer.htm#n0q3w2063kru3bn1fr6...

 

For the second:

- (you can google others) https://support.globalsign.com/customer/portal/articles/1211541-install-client-digital-certificate--...

- https://wiki.wmtransfer.com/projects/webmoney/wiki/Installing_root_certificate_in_Google_Chrome
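
Added example, not part of the thread or of SAS's own tooling: a shell sketch of why the same server certificate validates on one client and is rejected as "issuer is not recognized" on another, depending on which CA certificates the client's store holds and whether the server sends its intermediate. It assumes the openssl CLI (1.1.1 or later); the CA names, the host name sas.example.test and all keys are constructed for the demo.

```shell
#!/usr/bin/env bash
# Constructed demo PKI: every name, key and certificate here is throwaway.
# Assumes the openssl CLI, version 1.1.1 or later.

new_key_csr() {   # $1 = file prefix, $2 = subject CN
  openssl req -newkey rsa:2048 -nodes -subj "/CN=$2" \
    -keyout "$1.key" -out "$1.csr" 2>/dev/null
}

build_demo_pki() {   # $1 = empty working directory
  local d=$1 ca
  printf 'basicConstraints=critical,CA:TRUE\nkeyUsage=critical,keyCertSign,cRLSign\n' > "$d/ca.ext"
  # Self-signed root, plus an unrelated root standing in for "some other CA"
  for ca in root other; do
    new_key_csr "$d/$ca" "Demo $ca CA"
    openssl x509 -req -in "$d/$ca.csr" -signkey "$d/$ca.key" -days 2 \
      -extfile "$d/ca.ext" -out "$d/$ca.crt" 2>/dev/null
  done
  # Intermediate CA signed by the root
  new_key_csr "$d/int" "Demo Intermediate CA"
  openssl x509 -req -in "$d/int.csr" -CA "$d/root.crt" -CAkey "$d/root.key" \
    -CAcreateserial -days 2 -extfile "$d/ca.ext" -out "$d/int.crt" 2>/dev/null
  # Server certificate signed by the intermediate
  new_key_csr "$d/srv" "sas.example.test"
  openssl x509 -req -in "$d/srv.csr" -CA "$d/int.crt" -CAkey "$d/int.key" \
    -CAcreateserial -days 2 -out "$d/srv.crt" 2>/dev/null
}

# chain_ok TRUST_STORE SERVER_CERT [INTERMEDIATE_SENT_BY_SERVER]
# Exit status 0 only if a path can be built from the server cert to a trusted CA.
chain_ok() {
  if [ -n "${3:-}" ]; then
    openssl verify -CAfile "$1" -untrusted "$3" "$2" >/dev/null 2>&1
  else
    openssl verify -CAfile "$1" "$2" >/dev/null 2>&1
  fi
}

report() { if chain_ok "$@"; then echo trusted; else echo "issuer not recognized"; fi; }

demo() {
  local d; d=$(mktemp -d) || return 1
  build_demo_pki "$d"
  echo "client has root, server sends intermediate: $(report "$d/root.crt" "$d/srv.crt" "$d/int.crt")"
  echo "client has root, intermediate not sent:     $(report "$d/root.crt" "$d/srv.crt")"
  echo "client lacks the root (new machine):        $(report "$d/other.crt" "$d/srv.crt" "$d/int.crt")"
  rm -rf "$d"
}
demo
```

Only the first case reports trusted, which matches the thread: nothing changes on the server, but a client whose store lacks the issuing CA cannot recognize the issuer.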
