Hi Alexal
Well I am pleased to report that we resolved issue without engaging the consultants. You were absolutely correct, a certificate on our LDAP had expired and was replaced. We copied the new certificate onto the Linux SAS server. Excellent news.
So that being said, we never had this issue in VA or SAS 9.4 on our old install, seems to be new with our recent Viya install, so we noticed that the certificate we just applied expires January 2019. We are assuming this issue will occur again then, we don't appear to get any warning about this certificate expiring, maybe I should see if IT can add some sort of alert to our SAS administrator.
Thanks so much for your support and quick replies on this issue, greatly appreciated.
You are welcome. I'm glad that the problem has been resolved.
Well I am pleased to report that we resolved issue without engaging the consultants. You were absolutely correct, a certificate on our LDAP had expired and was replaced. We copied the new certificate onto the Linux SAS server. Excellent news.
So that being said, we never had this issue in VA or SAS 9.4 on our old install, seems to be new with our recent Viya install, so we noticed that the certificate we just applied expires January 2019. We are assuming this issue will occur again then, we don't appear to get any warning about this certificate expiring, maybe I should see if IT can add some sort of alert to our SAS administrator.
HI There
We are experiencing this issue again today, however this time our LDAP SSL certificate in active directory has not expired? Any suggestions?
Have you had a chance to check the most recent log file in /opt/sas/viya/config/var/log/saslogon/default/? Do you see any errors?
IT is telling me it appears to be Java certificates this time?
Msg from log file is: unable to find valid certification path to requested target
(target being ldaps service on DC)
I have verified cert in question on DC has not renewed yet. Have also verified that the DC cert has been added to both trustedcerts.pem and the trustedcerts.jks keystore.
Wondering if it is possible that the saslogon service is initializing with a different keystore.
I have found another location containing those files:
/opt/sas/yiva/home/SASSecurityCertificateFramework/cacerts
So the question is which does viya use? If it is the above, this could be the issue.
Found the java config opts it is pointing to:
/opt/sas/viya/config/etc/SASSecurityCertificateFramework/cacerts/trustedcerts.jks
These are messages from our IT partner - anyone have any ideas for troubleshooting?
The SAS Users Group for Administrators (SUGA) is open to all SAS administrators and architects who install, update, manage or maintain a SAS deployment.
SAS technical trainer Erin Winters shows you how to explore assets, create new data discovery agents, schedule data discovery agents, and much more.
Find more tutorials on the SAS Users YouTube channel.