BookmarkSubscribeRSS Feed
nhvdwalt
Barite | Level 11

Hi team,

 

Due to an update in Chrome, we had to regenerate one of our SAS web server certificate files.

 

Since the corporate CA certificate nor the server private key changed, am I correct by saying that I can only replace the .crt file in <config_dir>/Lev1/Web/WebServer/ssl and restart the mid tier ?

 

Thanks,

 

5 REPLIES 5
JuanS_OCS
Amethyst | Level 16
Hello,

Actually, no, that's not enough.
You need to ensure the certificate chain is replaced/updated on the web server (if you have set up the certificate chain file), and you need to re-import in order every certificate from the chain in every machine where the privatejre from SAS is installed (servers and clients).


nhvdwalt
Barite | Level 11

Thanks @JuanS_OCS

 

Please bear with me, I'm on crypto 101 here.....

 

If the none of the CA details have changed, why would that affect the chain ?

JuanS_OCS
Amethyst | Level 16
Good question.

Actually, one detail changes right? Expiration date or whatsoever. The thing is that you need to change the CA with some (minor) detail changes what I expect will change, in the end, the pem certificate content. If client-server certificate has any difference, ssl won't validate the connection.

So, what you can do once you regenerate the new ca, is to compare contents of the file. If they are the same, you won't need to ensure anything , but if a single character changes, I would refer you to my previous advise.
nhvdwalt
Barite | Level 11

Thanks @JuanS_OCS, makes sense. We'll probably only do this on Thu, but I will report back.

 

Thanks for the help.

nhvdwalt
Barite | Level 11

Ok, so I made the change yesterday. I only replaced the server's certificate, since that is the only component that changed. No CA changes were made. The change was succesful and the mid-tier came up ok.

 

Both IE and Chrome are now connecting ok.

 

Thanks for all the inputs @JuanS_OCS

suga badge.PNGThe SAS Users Group for Administrators (SUGA) is open to all SAS administrators and architects who install, update, manage or maintain a SAS deployment. 

Join SUGA 

CLI in SAS Viya

Learn how to install the SAS Viya CLI and a few commands you may find useful in this video by SAS’ Darrell Barton.

Find more tutorials on the SAS Users YouTube channel.

Discussion stats
  • 5 replies
  • 1131 views
  • 0 likes
  • 2 in conversation