BookmarkSubscribeRSS Feed
JuanS_OCS
Azurite | Level 17

Hi @Madhan_cog1 ,

 

yo need to split the certificates as I instructed. Then you need to import the certificates in order, as described in your certificate path: first the CA, then the intermediate, and the last one your server certificate.

Madhan_cog1
Quartz | Level 8

Hi Juan,

Thanks for the response.

As per the instructions we have created the certificate chain in the below format.

 

-----BEGIN CERTIFICATE-----
(Your Primary SSL certificate: scedevweb.pem)
-----END CERTIFICATE-----
-----BEGIN CERTIFICATE-----
(Your Intermediate certificate: Novo_Issuing_CA.pem)
-----END CERTIFICATE-----
-----BEGIN CERTIFICATE-----
(Your Root certificate: Novo_Root_CA.pem)
-----END CERTIFICATE-----

We also have a private key in a separate file scedevweb1.key.

we were able to bundle the certificate successfully.

But when we try to configure we are getting the below error:

"ERROR com.sas.sdw.SDWExceptionHandler - java.lang.Exception: Failed to create PKCS12 certificate"

 

Attaching the log for reference.

Then we tried to include the RSA Private key in the same .pem file and bundle it but we are facing the below issue.

"The following error occured loading certificate file:signed overrun bytes =918.

Could you please assist.

 

Thanks,

Madhan M.

AnandVyas
Ammonite | Level 13

In the attached logs, I can see below error. Looks like the certificate isn't in correct order or the key used to generate csr was different.

 

"[exec] No certificate matches private key"

 

You can check if an SSL certificate matches a Private Key by using the 3 easy commands below:

 

For your SSL certificate: openssl x509 –noout –modulus –in <file>.crt | openssl md5

For your RSA private key: openssl rsa –noout –modulus –in <file>.key | openssl md5

For your CSR: openssl req -noout -modulus -in <file>.csr | openssl md5

 

You just need to replace <file> with your file’s name. If all the three match, the SSL certificate matches the Private Key.

 

Ref link 

AnandVyas
Ammonite | Level 13

Also, the certificate chain should be root, followed by intermediate and then the host. I think you have done it in reverse order.

suga badge.PNGThe SAS Users Group for Administrators (SUGA) is open to all SAS administrators and architects who install, update, manage or maintain a SAS deployment. 

Join SUGA 

Get Started with SAS Information Catalog in SAS Viya

SAS technical trainer Erin Winters shows you how to explore assets, create new data discovery agents, schedule data discovery agents, and much more.

Find more tutorials on the SAS Users YouTube channel.

Discussion stats
  • 18 replies
  • 6853 views
  • 4 likes
  • 3 in conversation