siddhu1
Quartz | Level 8

Hi,

While doing the SSL/TLS configuration for the Metadata & Compute Servers (for both the Object Spawner & Connect Spawner), I got an error which is the same on both servers (Meta and Compute).

I followed the documentation below while doing the configuration.

SAS Help Center: TLS Support for IOM Servers

ERROR : sas - Bridge Protocol Engine Socket Access Method was unable to complete the SSL related communication due to an error.

I added the SSL parameters in ‘sasv9_usermods.cfg’ for the Metadata server and ‘ObjectSpawner_usermods.sh’ & ‘ConnectSpawner_usermods.sh’ for the Compute Servers.

Could anyone please help with this?

Kind Regards,

Siddhu1

 

gwootton
SAS Super FREQ
This message is saying that the TLS communication failed, but doesn't say why. We should look for additional messages for context; you may want to check the _console log files, as these would capture any errors written to stderr/stdout that aren't captured in the dated service logs.

Usually, TLS failures are the result of the certificate not matching the hostname or a lack of a chain of trust. Assuming the issue is one of those, I would check that the certificate you are providing in the SSLCERTLOC contains the hostname for the server in the Subject Alternative Names field:

openssl x509 -in <path to cert> -text -noout | grep Alternative -A1

And confirm the certificate's issuer(s) (or the certificate itself in the case of a self-signed cert) are in the SAS trust store for all SASHome paths (<SASHome>/SASSecurityCertificateFramework/1.1/cacerts/trustedcerts.pem).

Issuer of your cert:
openssl x509 -in <path to cert> -text -noout | grep Issuer

Contents of your SAS trust store (each cert and its issuer):
<SASHome>/SASPrivateJavaRuntimeEnvironment/9.4/jre/bin/keytool -printcert -file <SASHome>/SASSecurityCertificateFramework/1.1/cacerts/trustedcerts.pem | grep -E '(Owner:|Issuer:)'
--
Greg Wootton | Principal Systems Technical Support Engineer
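
The two checks from the reply above (hostname present in the Subject Alternative Name, issuer present in the trust bundle) wrapped as pass/fail shell functions. This is an added example, not part of the original post and not SAS tooling; the function names, the host sas-meta.example.test and the generated demo PKI are constructed assumptions.

```shell
#!/bin/sh
# Added example, not from the thread. Function names, file names and the
# host sas-meta.example.test are constructed for illustration.

# san_matches CERT HOST: true if HOST matches the certificate's names
# (openssl applies wildcard rules; it falls back to CN only if no DNS SAN exists).
san_matches() {
    openssl x509 -in "$1" -noout -checkhost "$2" 2>&1 | grep -q 'does match'
}

# chain_trusted CERT BUNDLE: true if CERT chains to a CA in the PEM bundle.
# -no-CApath keeps the system trust directory from masking a missing issuer.
chain_trusted() {
    openssl verify -no-CApath -CAfile "$2" "$1" >/dev/null 2>&1
}

# make_demo_pki DIR: constructed test data (a CA, a leaf it signs, an unrelated CA).
make_demo_pki() {
    d=$1
    cat > "$d/ca.cnf" <<'EOF'
[req]
distinguished_name = dn
x509_extensions = ext
prompt = no
[dn]
CN = Demo CA
[ext]
basicConstraints = critical,CA:TRUE
EOF
    sed 's/Demo CA/Other CA/' "$d/ca.cnf" > "$d/other.cnf"
    echo 'subjectAltName = DNS:sas-meta.example.test' > "$d/san.ext"
    for n in ca other; do
        openssl req -x509 -config "$d/$n.cnf" -newkey rsa:2048 -nodes -days 2 \
            -keyout "$d/$n.key" -out "$d/$n.pem" 2>/dev/null || return 1
    done
    openssl req -new -config "$d/ca.cnf" -subj '/CN=sas-meta.example.test' \
        -newkey rsa:2048 -nodes -keyout "$d/leaf.key" -out "$d/leaf.csr" 2>/dev/null &&
    openssl x509 -req -in "$d/leaf.csr" -CA "$d/ca.pem" -CAkey "$d/ca.key" \
        -set_serial 2 -days 2 -extfile "$d/san.ext" -out "$d/leaf.pem" 2>/dev/null
}

# Against a real deployment (placeholders as written in the reply above):
#   san_matches <path to cert> "$(hostname -f)" || echo "hostname not in cert"
#   chain_trusted <path to cert> <SASHome>/SASSecurityCertificateFramework/1.1/cacerts/trustedcerts.pem
```

A certificate issued for the fully qualified name fails `san_matches` when the short hostname is passed, so test with the exact name that clients use to connect.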
siddhu1
Quartz | Level 8

Hi Greg,

Thanks for your response.
I checked the commands on the server, and the hostname matches the X509v3 Subject Alternative Name.

I cross-checked the certificate issuer for all the certificates, and these are present in the SAS trust store for all SASHome paths.

We only have this error, and the server is running fine.

Any further suggestions to resolve this issue?

 

Kind Regards,

Siddhu1

gwootton
SAS Super FREQ
You could try setting the loggers App.tk.eam.ssl and App.tk.els.ssl to trace to see if this surfaces more information on the TLS communication; you may wish to engage SAS Technical Support for help.
--
Greg Wootton | Principal Systems Technical Support Engineer
