It could be that the problem is your private key file, not the password. Make sure your private key file is a PEM file format, i.e., it is human readable and starts with something like "-----BEGIN RSA PRIVATE KEY-----".

You can test to see if the certificate, private key file, and password are correct using openssl command with the s_server subcommand:

openssl s_server -debug -www -cert /opt/DWH/ETL/common/tools/misc/spawn/bin/keystore/store/clrv0000214910.pem -key /opt/DWH/ETL/common/tools/misc/spawn/bin/keystore/store/clrv0000214910.ic.ing.net.key -pass pass:<password> -CAfile /opt/DWH/ETL/common/tools/misc/spawn/bin/keystore/store/trustcert.pem

If the password is invalid, you will see
unable to load server certificate private key file
140521628231496:error:06065064:digital envelope routines:EVP_DecryptFinal_ex:bad decrypt:evp_enc.c:535:
140521628231496:error:23077074:PKCS12 routines:PKCS12_pbe_crypt:pkcs12 cipherfinal error:p12_decr.c:97:
140521628231496:error:2306A075:PKCS12 routines:PKCS12_item_decrypt_d2i:pkcs12 pbe crypt error:p12_decr.c:123:
140521628231496:error:0907B00D:PEM routines:PEM_READ_BIO_PRIVATEKEY:ASN1 lib:pem_pkey.c:132:

Many Thanks @doug_sas  for the reply, indeed the issue was with the private key file, the Spawner was  successfully stated with a different file.

But now i want to connect my windows custom client to the Spawner running on the RHEL Server.

we use the scripted method (tcpunix.scr) to sign on to the spawner below code is used to invoke the sign on 

%include ".\address.sas";
options netencryptalgorithm=ssl;
options remote=TOOLremo;
filename rlink ".\tcpunix.scr";

- the address file contains the server name and port name

- below is the code of tcpunix.scr file which simply run a ksh script on the server to launch a SAS session on the spawner

______________________________________________________________________________________________________________________

type 'sas -dmr -noterminal netencryptalgorithm=ssl -nosyntaxcheck' LF;
waitfor 'SESSION ESTABLISHED', 90 seconds : nosas;

log 'NOTE: SAS/CONNECT conversation established.';
stop;

unxspawn:
type "ksh /ING/DWH/ETL/common/tools/sas/sasetlmonitor &TOOLShoNam &TOOL_CLIusr" LF;
waitfor 'SESSION ESTABLISHED', 90 seconds : nosas;
stop;

___________________________________________________________________________________________________________

- Below is the code of the KSH script (sasetlmonitor) which is called by the tcpunix.scr file

${ETLsasRoot}/sas -dmr \
-altlog ${altlog} \
-work ${work} \
-config ${config} \
-sslcertloc /opt/DWH/ETL/common/tools/misc/spawn/bin/keystore/store/cert.pem \
-sslpvtkeyloc /opt/DWH/ETL/common/tools/misc/spawn/bin/keystore/store/privkey.pem \
-device grlink \
-noterminal \
-nonews \
-no\$syntaxcheck \
-dmsbatch

_______________________________

i have alraedy imported and trusted the certificate on the windows client server, but when i try to login to spawner with client we get below error on rhel logs

Running as user dwhmgr on hostname clrv0000214910.ic.ing.net
ERROR: A communication subsystem environment initialization request failure
ERROR: has occurred.
ERROR: Network request failed (rc 0x00007F971B5324B0) - SSL Error:
ERROR: Certificate was not found.
NOTE: SAS Institute Inc., SAS Campus Drive, Cary, NC USA 27513-2414
NOTE: The SAS System used:
NOTE: real time 0.02 seconds
NOTE: cpu time 0.03 seconds
NOTE:
NOTE: SAH239999I CONNECT, State, stopped

Can you please help me debug the issue, if i am missing somewhere to pass the certificate file

many thanks in advance for your time 🙂

Seems to me that your script is going to run  'sas -dmr -noterminal netencryptalgorithm=ssl -nosyntaxcheck' and not your KSH script. Since there are no SSL options, the connection is going to fail as you found out.

Look at https://go.documentation.sas.com/doc/en/pgmsascdc/9.4_3.3/connref/p0ze0vzqoyxy34n1sa0rpk8qd5n5.htm for more information about signon scripts.

Thanks, we were able to login to SAS Spawner with our client.

i have one silly question, sorry for that how, is there a way to confirm the Connection is Encrypted with SSL because on client server i checked it is showing as SAS is using TCP port 14555, so it means SAS client is connected to Spawner on TCP port 14555 with SSL Encryption ?

- below is the Process which runs on Server when client session is successfully Stablished with Spawner

we have not Defined COMAMID = TCP any where, so is this be default ?