BookmarkSubscribeRSS Feed
🔒 This topic is solved and locked. Need further help from the community? Please sign in and ask a new question.
Pollewops
Fluorite | Level 6

Is there a way to unattended add .cer files to the SAS 9.4 configuration ?

Now I need to go through the wizard which is time consuming.

 

Any idea if such a command line is possible ?

1 ACCEPTED SOLUTION

Accepted Solutions
Pollewops
Fluorite | Level 6

SOLVED. I would like to share my current DOS script which works:

 

@echo off

set folder=%~dp0
if #%folder:~-1%# == #\# set folder=%folder:~0,-1%

 

rd /s /q "C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SAS\Utilities"
rd /s /q "%appdata%\Microsoft\Windows\Start Menu\Programs\SAS"

md "%appdata%\SAS\MetadataServerProfiles"
xcopy /e /y /r %folder%\config\*.swa "%appdata%\SAS\MetadataServerProfiles\"

 

echo install certificates
rem C:\Program Files\SASHome\SASSecurityCertificateFramework\1.1\cacerts
for /f "tokens=*" %%i in ('dir /b "%folder%\CI Certficates\"') do set cert=%%i && call :add_cert %cert%

pause
exit

 

:add_cert
echo cert %cert%
call :create_rspfile %cert%
"C:\Program Files\SASHome\SASDeploymentManager\9.4\sasdm.exe" -quiet -responsefile "%temp%\cert.rsp"
goto :eof

 

:create_rspfile
rem create response file
set rspfilelocation=%folder%\CI Certficates\%cert%
echo MANAGE_TASK=certframe_add > "%temp%\cert.rsp"
echo certframe.add.file=%rspfilelocation% >> "%temp%\cert.rsp"
goto :eof

View solution in original post

3 REPLIES 3
JuanS_OCS
Amethyst | Level 16

Hello @Pollewops,

 

the java keytool command is your friend, since SAS basically uses the java certificate store (SASPrivateJRE) and the certificates on the Web Server you can manage them as a normal Apache server on ht httpd-ssl.cfg file. As simple as that.

 

Google: https://www.google.nl/search?q=java+import+certificates+keytool&oq=java+import+certificates+keytool&...

 

Kind regards,

Juan

alexal
SAS Employee

@Pollewops,

 

Basically, you have to update two files in /<SASHome>/SASSecurityCertificateFramework/1.1/cacerts

 

  • trustedcerts.pem - just a text file, where you need to append your Base-64 encoded X.509 certificate
  • trustedcerts.jks - this file can be updated with Java Key Tool as was mentioned above
Pollewops
Fluorite | Level 6

SOLVED. I would like to share my current DOS script which works:

 

@echo off

set folder=%~dp0
if #%folder:~-1%# == #\# set folder=%folder:~0,-1%

 

rd /s /q "C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SAS\Utilities"
rd /s /q "%appdata%\Microsoft\Windows\Start Menu\Programs\SAS"

md "%appdata%\SAS\MetadataServerProfiles"
xcopy /e /y /r %folder%\config\*.swa "%appdata%\SAS\MetadataServerProfiles\"

 

echo install certificates
rem C:\Program Files\SASHome\SASSecurityCertificateFramework\1.1\cacerts
for /f "tokens=*" %%i in ('dir /b "%folder%\CI Certficates\"') do set cert=%%i && call :add_cert %cert%

pause
exit

 

:add_cert
echo cert %cert%
call :create_rspfile %cert%
"C:\Program Files\SASHome\SASDeploymentManager\9.4\sasdm.exe" -quiet -responsefile "%temp%\cert.rsp"
goto :eof

 

:create_rspfile
rem create response file
set rspfilelocation=%folder%\CI Certficates\%cert%
echo MANAGE_TASK=certframe_add > "%temp%\cert.rsp"
echo certframe.add.file=%rspfilelocation% >> "%temp%\cert.rsp"
goto :eof

suga badge.PNGThe SAS Users Group for Administrators (SUGA) is open to all SAS administrators and architects who install, update, manage or maintain a SAS deployment. 

Join SUGA 

CLI in SAS Viya

Learn how to install the SAS Viya CLI and a few commands you may find useful in this video by SAS’ Darrell Barton.

Find more tutorials on the SAS Users YouTube channel.

Discussion stats
  • 3 replies
  • 1481 views
  • 0 likes
  • 3 in conversation