BookmarkSubscribeRSS Feed
☑ This topic is solved. Need further help from the community? Please sign in and ask a new question.
thesasuser
Lapis Lazuli | Level 10

Hello
I am new to SAS Viya 4. I am trying to login using sas-viya cli. The error is

tls: failed to verify certificate: x509: certificate signed by unknown authority
Login failed due to an error with the security certificate. The certificate is signed by an unknown authority. Run with the '--verbose' global option to see additional details.

I have followed the instructions at https://documentation.sas.com/doc/sv/sasadmincdc/v_045/calcli/n1e2dehluji7jon1gk69yggc6i28.htm to generate the trustedcerts.pem.

Could someone enlighten on this?

 

1 ACCEPTED SOLUTION

Accepted Solutions
gwootton
SAS Super FREQ
The steps in the documentation linked copy the trustedcerts.pem file from a pod onto the machine where you are running sas-viya.
kubectl -n name-of-namespace cp $(kubectl get pod -n name-of-namespace | grep "sas-logon-app" | head -1 |
awk -F" " '{print $1}'):security/trustedcerts.pem /tmp/trustedcerts.pem

You then set the SSL_CERT_FILE environment variable to point to that file:
export SSL_CERT_FILE=/tmp/trustedcerts.pem

After doing that, you should not get an error that the certificate is untrusted unless the CA certificate used to issue the ingress certificate was not added to the trusted CA certificates, so does not exist in trustedcerts.pem.
--
Greg Wootton | Principal Systems Technical Support Engineer

View solution in original post

2 REPLIES 2
SASKiwi
PROC Star

In my experience, renewing security certificates is tricky at the best of times. You will make faster progress via a Tech Support track if you haven't opened one already. There are likely to be very few Community users with firsthand experience of Viya 4 security certificates.

gwootton
SAS Super FREQ
The steps in the documentation linked copy the trustedcerts.pem file from a pod onto the machine where you are running sas-viya.
kubectl -n name-of-namespace cp $(kubectl get pod -n name-of-namespace | grep "sas-logon-app" | head -1 |
awk -F" " '{print $1}'):security/trustedcerts.pem /tmp/trustedcerts.pem

You then set the SSL_CERT_FILE environment variable to point to that file:
export SSL_CERT_FILE=/tmp/trustedcerts.pem

After doing that, you should not get an error that the certificate is untrusted unless the CA certificate used to issue the ingress certificate was not added to the trusted CA certificates, so does not exist in trustedcerts.pem.
--
Greg Wootton | Principal Systems Technical Support Engineer

suga badge.PNGThe SAS Users Group for Administrators (SUGA) is open to all SAS administrators and architects who install, update, manage or maintain a SAS deployment. 

Join SUGA 

Get Started with SAS Information Catalog in SAS Viya

SAS technical trainer Erin Winters shows you how to explore assets, create new data discovery agents, schedule data discovery agents, and much more.

Find more tutorials on the SAS Users YouTube channel.

Discussion stats
  • 2 replies
  • 1236 views
  • 2 likes
  • 3 in conversation