BookmarkSubscribeRSS Feed
mmoorthiupm
Fluorite | Level 6

Hi 

I am getting the below error,and I got the new certificate for sas analytics server can you help me out how to place the certificate in server,request you to share the step.

HTTP Status 500 - javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path validation failed: java.security.cert.CertPathValidatorException: timestamp check failed

 

11 REPLIES 11
mmoorthiupm
Fluorite | Level 6

Hi ,

I am getting the below error,and I got the new certificate for sas analytics server can you help me out how to place the certificate in server,request you to share the step.

HTTP Status 500 - javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path validation failed: java.security.cert.CertPathValidatorException: timestamp check failed

 

JuanS_OCS
Amethyst | Level 16

Thank you @Kurt_Bremser, good move 🙂

 

Hello @mmoorthiupm,

 

PKIX is indeed a certificate related error.

 

Could you describe the steps/actions you have taken, so far?

 

I can imagine 2 situations: you are doing a new SAS deployment/installation, or you are modifying your current SAS deployment from HTTP to HTTPS. Which one would be yours?

 

Thank you in advance, with additional details, we will be able to provide you better support.

 

Kind regards,

Juan

mmoorthiupm
Fluorite | Level 6

Hi 

 

I have moved .crt and .key files in to the below location this is the step i have done so far

 

/opt/sas/config/Lev1/Web/WebServer/ssl/

 

and could help me out to how to make it as live any import option is there.

  

JuanS_OCS
Amethyst | Level 16

Now I understand your requirement.

 

You need to import the  full certificate path (as far as the CA, trusted and server certificates have been renewed) into the SAS Private JRE certificate store, and then restart the SAS Middle tier.

 

See instructions below:

http://documentation.sas.com/?docsetId=secref&docsetTarget=n0n1y5gwevy312n13h5bm4yf6quy.htm&docsetVe...

 

mmoorthiupm
Fluorite | Level 6

Shall I go with below steps kindly suggest 

 

To add CA root and intermediate certificates, perform these steps:
  1. Log on to the primary middle-tier machine as the SAS Installer user.
  2. Change the directory to where your keytool commands reside.
    For example:
    cd /usr/java/jdk_version/bin
  3. Enter the following command. Refer to the table for information that you must provide.
    ./keytool –importcert –keystore "SAS-installation-directory
    /SASPrivateJavaRuntimeEnvironment/9.4/jre/lib/security/cacerts" 
    –storepass changeit –alias myhost –file path-to-keystore.jks
JuanS_OCS
Amethyst | Level 16

Beware that starting SAS 9.4 M3 cacerts is not the main certificate store, but jscerts. Also, it is advised by SAS to use the SAS Deployment Manager starting SAS 9.4 M3 and not they keytool anymore (since the certificate store may change).

mmoorthiupm
Fluorite | Level 6

Hi,

 

We are facing the below issue while importing updated certificate through SAS deployment manager in sas server ,Please find the attached issue screen and could please help me out.

mmoorthiupm
Fluorite | Level 6

Hi 

 

And am working on exciting environment need to renew the certificate. 

mmoorthiupm
Fluorite | Level 6

Dear All,

 

Thanks for your suggestions ,we have fixed the issue.

 

Thanks and Regards

Moorthi Selvam.

JuanS_OCS
Amethyst | Level 16

Hello @mmoorthiupm,

 

could you update how you fixed the issue and mark the proper answer as solution?

This would help other SAS users with a similar question.

 

Thank you.

 

Regards,

Juan

suga badge.PNGThe SAS Users Group for Administrators (SUGA) is open to all SAS administrators and architects who install, update, manage or maintain a SAS deployment. 

Join SUGA 

CLI in SAS Viya

Learn how to install the SAS Viya CLI and a few commands you may find useful in this video by SAS’ Darrell Barton.

Find more tutorials on the SAS Users YouTube channel.

Discussion stats
  • 11 replies
  • 2378 views
  • 6 likes
  • 3 in conversation