cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
BookmarkSubscribeRSS Feed
jbond007
Obsidian | Level 7 jbond007
Obsidian | Level 7

Path does not chain with any of the trust anchors. SAS DM

Posted 06-09-2022 12:37 AM (4909 views)

Hi SAS Community,

 

Need help.

Im renewing a new bundle certificate on windows SAS DM. 
I install it on sequence, root > intermediate > cert but are encountering the error 
"Path does not chain with any of the trust anchors" but as per checking the details on the certs are correct. CN, OU, etc. 

I also added the certificates on Windows CA Store
https://documentation.sas.com/doc/en/pgmsascdc/9.4_3.5/secref/n12036intelplatform00install.htm

 

im not sure what's wrong with the setup, im thinking can i delete the existing cacerts.jks, cacerts.pem, trustedcerts.jks, trustedcerts.pem and install everything?

0 Likes
Reply
4 REPLIES 4
gwootton
SAS Super FREQ gwootton
SAS Super FREQ

Re: Path does not chain with any of the trust anchors. SAS DM

Posted 06-09-2022 07:48 AM (4872 views)  |   In reply to jbond007
Are you adding these all as a single file, or adding the certificates individually? Usually when I see this message it is because the certificates in a file with multiple certificates are in the wrong order.
--
Greg Wootton | Principal Systems Technical Support Engineer
0 Likes
Reply
jbond007
Obsidian | Level 7 jbond007
Obsidian | Level 7

Re: Path does not chain with any of the trust anchors. SAS DM

Posted 06-10-2022 01:05 AM (4847 views)  |   In reply to gwootton

Im adding it individually on SDM..

Yes correct. that's why im thinking if i can remove all the contents in the cacerts then reimport.

0 Likes
Reply
gwootton
SAS Super FREQ gwootton
SAS Super FREQ

Re: Path does not chain with any of the trust anchors. SAS DM

Posted 06-10-2022 09:00 AM (4826 views)  |   In reply to jbond007
There is a SDM task to remove certificates, but I'm not sure that would have any impact. You may want to confirm the root CA you are trying to install is indeed a root CA (issued by itself) and only contains the one certificate. This command should output the subject(s) and issuer(s) in a certificate file.

openssl crl2pkcs7 -nocrl -certfile <certificate.pem> | openssl pkcs7 -print_certs -noout

Here's the documentation on removing certificates from the bundle.

Remove Your Certificates from the Trusted CA Bundle
https://go.documentation.sas.com/doc/en/pgmsascdc/9.4_3.5/secref/n0n1y5gwevy312n13h5bm4yf6quy.htm#p1...
--
Greg Wootton | Principal Systems Technical Support Engineer
0 Likes
Reply
jbond007
Obsidian | Level 7 jbond007
Obsidian | Level 7

Re: Path does not chain with any of the trust anchors. SAS DM

Posted 06-14-2022 10:06 PM (4783 views)  |   In reply to gwootton

I forgot to reply to this hehe.. so basically i compared the cacerts file and the contents are different from the intermediate cert part. so i removed it through the SDM remove certificates from bundle and then try again to import using the same sequence root>intermediate>cert then it worked 🙂 

Reply

suga badge.PNGThe SAS Users Group for Administrators (SUGA) is open to all SAS administrators and architects who install, update, manage or maintain a SAS deployment. 

Join SUGA 

Get Started with SAS Information Catalog in SAS Viya

SAS technical trainer Erin Winters shows you how to explore assets, create new data discovery agents, schedule data discovery agents, and much more.

Watch Get Started with SAS Information Catalog in SAS Viya on YouTube

Find more tutorials on the SAS Users YouTube channel.

Discussion stats
  • 4 replies
  • ‎06-09-2022 12:37 AM
  • 4910 views
  • 2 likes
  • 2 in conversation