Thanks you soo much JanS_OCS
Just want to check where we want to add my_certificate_chain.cer file and if we want to add this file under /opt/sas/config/Lev1/Web/WebServer/conf/extra/httpd-ssl.conf then can share the where exactly want to add and with syntax.
Can you please share full command to stop SAS Web Server and the SAS Web Application Servers.
During installation we have to defined the sas webapp server like SASServer1_1 SASServer1_2etc....How much we have to defined there server?.
By default it will create three set of sas web server? last time when I was not defined it created only one SASServer1_1
You are so welcome 🙂
you can store that certificate chain into the Web/WebServer/ssl directory, together with the server certificate and its private key.
For starting and stoping the servers, you can execute the Lev1/Web/WebServer/bin/httpdctl {stop|start|status} and for the complete middle tier, you can use the Lev1/sas.servers {start|stop|status} script.
You can deploy your SAS Web Applications on a single Web Application Server SASServer1_1, but I personally deploy them on multiple server, to simply my administrations tasks, they become more manageable. During the deployment of your middle tier, the SDW will ask you if you want to deploy them on multiple machines. http://support.sas.com/documentation/cdl/en/biig/69172/HTML/default/viewer.htm#n05020intelplatform00... (see: Web Application Server: Multiple Servers)
Thanks Again!!!
Last question where we can use rsa private key file during installation.
No problem!
On the same link on my previous comment, you can read some lines above:
SAS Web Server: Location of X509 Certificate and RSA Private Key If you already have an X.509 certificate, enter their locations. When you are finished, click Next. In X509 Certificate, enter the path to the valid X.509 certificate with the DNS name of this machine as the Common Name (CN). In RSA private key, enter the path to the RSA private key that is not protected by a passphrase. For more information, see SAS Intelligence Platform: Middle-Tier Administration Guide.
Thanks .....
Please confrim whether I am going into right direction
Create below files using notepad and moved to WebServer/ssl director.
sastest.abc.com.crt -----merged file of server and root certificate in same order
sastest.abc.com.key -----private key file.
Just want to understand , do we need to give any link /refrence of these files any where bcz these are not the sas standead names or script will pick automatically from this dir.
Hi JuanS_OCS,
During configration I got the same error (PKIX error) as you mentioned in your last node and I have made the same changes as per your note.
When I started the server and I got the greek color.
but when i resume sas deployment wizard process i got another error.
Override ignored for property "webinfpltfm.setroledisplayname.msg"
[setAuthorityDisplay] [echo] Setting output prop rc
[setAuthorityDisplay]
Override ignored for property "webinfpltfm.setroledisplayname.returncode"
[echo] setAuthorityDisplay return code: 500
[echo] setAuthorityDisplay status: Created roles
[propertyfile] Updating property file: /opt/sas/config/Lev1/Logs/Configure/webinfpltfm_config_status.properties
BUILD FAILED
/opt/sas/sashome/SASWebInfrastructurePlatform/9.4/Config/webinfpltfm_config.xml:4111: The following error occurred while executing this line:
/opt/sas/sashome/SASWebInfrastructurePlatform/9.4/Config/webinfpltfm_config.xml:4065: Created roles
at org.apache.tools.ant.ProjectHelper.addLocationToBuildException(ProjectHelper.java:541)
at org.apache.tools.ant.taskdefs.MacroInstance.execute(MacroInstance.java:394)
and when i opened the https://sastest01.xxxxxx.xx/SASVisualAnalyticsHub/index.jsp its throw below error
HTTP Status 500 - javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
Please advise.
We have started again fresh installation with root certificate and server certificate. We got he below error :
[webserverTarget] 2017-03-17 01:02:41,082 [main] DEBUG com.sas.appserver.vfabrcersvrc.Server - runServerScript() start >>>[webserverTarget] 2017-03-17 01:02:41,082 [main] DEBUG com.sas.appserver.vfabrcersvrc.Server - runServerScript() start >>>[webserverTarget] 2017-03-17 01:02:41,097 [main] INFO com.sas.appserver.utils.AntProcessInvoker - Environment Variables:[webserverTarget] 2017-03-17 01:02:41,101 [main] INFO com.sas.appserver.utils.AntProcessInvoker - Working Directory: /opt/sas/config/Lev1/Web/WebServer[webserverTarget] 2017-03-17 01:02:41,101 [main] INFO com.sas.appserver.utils.AntProcessInvoker - Executable: /opt/sas/config/Lev1/Web/WebServer/bin/httpdctl[webserverTarget] 2017-03-17 01:02:41,101 [main] INFO com.sas.appserver.utils.AntProcessInvoker - Arguments:[webserverTarget] 2017-03-17 01:02:41,101 [main] INFO com.sas.appserver.utils.AntProcessInvoker - start[webserverTarget] [exec] (13)Permission denied: make_sock: could not bind to address [::]:443[webserverTarget] [webserverTarget] [exec] (13)Permission denied: make_sock: could not bind to address 0.0.0.0:443[webserverTarget] [webserverTarget] [exec] no listening sockets available, shutting down[webserverTarget] [webserverTarget] [exec] Unable to open logs[webserverTarget] [webserverTarget] [exec] Result: 1
When I started to execute below command with root user it throw below error and noticed 443 service not listining on linux server.
Path /opt/sas/config/Lev1/Web/WebServer/logs:-
[Fri Mar 17 08:23:58 2017] [warn] RSA server certificate is a CA certificate (BasicConstraints: CA == TRUE !?)
[Fri Mar 17 08:23:58 2017] [warn] RSA server certificate CommonName (CN) `xxxxxxxxxxxxxxxxxxxxxx' does NOT match server name!?
[Fri Mar 17 08:23:58 2017] [error] Unable to configure RSA server private key
[Fri Mar 17 08:23:58 2017] [error] SSL Library Error: 185073780 error:0B080074:x509 certificate routines:X509_check_private_key:key values mismatch
[root@sastest01 tmp]# /opt/sas/config/Lev1/Web/WebServer/bin/httpdctl start
Starting pivotal httpd
Server start FAILED
Please advise.
Let's see. Step by step.
Objectives to achieve here:
Step 1: Windows - install and validate the server certificate
Step 2: SDW - provide certificates
Step 3.1: SDW Error - Ensure configuration of the SAS Web Server
# Server Certificate: SSLCertificateFile "ssl/yourserver.crt" # Server Private Key: SSLCertificateKeyFile "ssl/yourserver.key" # Server Certificate Chain: # (optional) SSLCertificateChainFile "ssl/yourserver-ca.crt" # Certificate Authority (CA): #SSLCACertificatePath "ssl/ssl.crt" SSLCACertificateFile "ssl/yourserver_chain.crt"
Step 3.2: SDW Error - Ensure the import of the certificates on the SASPrivateJRE
Step 3.3: SDW Error - Resume SAS Deployment Wizard/Configuration
If this still goes wrong, I would not wait longer and definetely get a SAS consultant on-site (with full availability of your certificates provider) or SAS Technical Support.
Thanks Juan_S_OCS
The SAS Users Group for Administrators (SUGA) is open to all SAS administrators and architects who install, update, manage or maintain a SAS deployment.
SAS technical trainer Erin Winters shows you how to explore assets, create new data discovery agents, schedule data discovery agents, and much more.
Find more tutorials on the SAS Users YouTube channel.