cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
BookmarkSubscribeRSS Feed
☑ This topic is solved. Need further help from the community? Please sign in and ask a new question.
thesasuser
Lapis Lazuli | Level 10 thesasuser
Lapis Lazuli | Level 10
Go to Solution

SAS Viya 4 on AWS login fails with sas-viya cli

Posted 03-28-2024 11:52 AM (1062 views)

Hello
I am new to SAS Viya 4. I am trying to login using sas-viya cli. The error is 

tls: failed to verify certificate: x509: certificate signed by unknown authority
Login failed due to an error with the security certificate. The certificate is signed by an unknown authority. Run with the '--verbose' global option to see additional details.

I have followed the instructions at https://documentation.sas.com/doc/sv/sasadmincdc/v_045/calcli/n1e2dehluji7jon1gk69yggc6i28.htm to generate the trustedcerts.pem.

Could someone enlighten on this?

 

0 Likes
Reply
1 ACCEPTED SOLUTION

Accepted Solutions
gwootton
SAS Super FREQ gwootton
SAS Super FREQ

Re: SAS Viya 4 on AWS login fails with sas-viya cli

Posted 03-29-2024 10:26 AM (983 views)  |   In reply to thesasuser
The steps in the documentation linked copy the trustedcerts.pem file from a pod onto the machine where you are running sas-viya.
kubectl -n name-of-namespace cp $(kubectl get pod -n name-of-namespace | grep "sas-logon-app" | head -1 |
awk -F" " '{print $1}'):security/trustedcerts.pem /tmp/trustedcerts.pem

You then set the SSL_CERT_FILE environment variable to point to that file:
export SSL_CERT_FILE=/tmp/trustedcerts.pem

After doing that, you should not get an error that the certificate is untrusted unless the CA certificate used to issue the ingress certificate was not added to the trusted CA certificates, so does not exist in trustedcerts.pem.
--
Greg Wootton | Principal Systems Technical Support Engineer

View solution in original post

Reply
2 REPLIES 2
SASKiwi
PROC Star SASKiwi
PROC Star

Re: SAS Viya 4 on AWS login fails with sas-viya cli

Posted 03-28-2024 06:45 PM (1013 views)  |   In reply to thesasuser

In my experience, renewing security certificates is tricky at the best of times. You will make faster progress via a Tech Support track if you haven't opened one already. There are likely to be very few Community users with firsthand experience of Viya 4 security certificates.

Reply
gwootton
SAS Super FREQ gwootton
SAS Super FREQ

Re: SAS Viya 4 on AWS login fails with sas-viya cli

Posted 03-29-2024 10:26 AM (984 views)  |   In reply to thesasuser
The steps in the documentation linked copy the trustedcerts.pem file from a pod onto the machine where you are running sas-viya.
kubectl -n name-of-namespace cp $(kubectl get pod -n name-of-namespace | grep "sas-logon-app" | head -1 |
awk -F" " '{print $1}'):security/trustedcerts.pem /tmp/trustedcerts.pem

You then set the SSL_CERT_FILE environment variable to point to that file:
export SSL_CERT_FILE=/tmp/trustedcerts.pem

After doing that, you should not get an error that the certificate is untrusted unless the CA certificate used to issue the ingress certificate was not added to the trusted CA certificates, so does not exist in trustedcerts.pem.
--
Greg Wootton | Principal Systems Technical Support Engineer
Reply

suga badge.PNGThe SAS Users Group for Administrators (SUGA) is open to all SAS administrators and architects who install, update, manage or maintain a SAS deployment. 

Join SUGA 

Get Started with SAS Information Catalog in SAS Viya

SAS technical trainer Erin Winters shows you how to explore assets, create new data discovery agents, schedule data discovery agents, and much more.

Watch Get Started with SAS Information Catalog in SAS Viya on YouTube

Find more tutorials on the SAS Users YouTube channel.

Discussion stats
  • 2 replies
  • ‎03-28-2024 11:52 AM
  • 1063 views
  • 2 likes
  • 3 in conversation