Architecting, installing and maintaining your SAS environment

Where is .pem file

Reply
Occasional Contributor
Posts: 19

Where is .pem file

 

Hi,

When I run the following code:

 

 
Libname imp impala dsn=Impala_new db=testdb
CONOPTS='SSL=1;TRUSTEDCERTS=/sas/Software/Hadoop/Hound/Certs/test_truststore.pem;USESASL=1;ALLOWSELFSIGNEDSERVERCERT=1;CAISSUEDCERTNAMESMISMATCH=1';  
  

 

Getting this in log file:

 

 

30          Libname imp impala dsn=Impala_new db=testdb
31         CONOPTS='SSL=1;TRUSTEDCERTS=/sas/Software/Hadoop/Hound/Certs/test_truststore.pem;USESASL=1;ALLOWSELFSIGNEDSERVERCERT=1;
31       ! CAISSUEDCERTNAMESMISMATCH=1';
NOTE: Libref IMP was successfully assigned as follows: 
      Engine:        IMPALA 
      Physical Name: Impala_new

 

But we don't have this folder and file (/sas/Software/Hadoop/Hound/Certs/test_truststore.pem) on compute server and I don't get any error for it either. Could you tell me where is this path and file?

SAS Employee
Posts: 61

Re: Where is .pem file

The last two options probably make the driver not check the trusted CA list. So there isn't any trusted certificates store being read.
Occasional Contributor
Posts: 19

Re: Where is .pem file

Posted in reply to SimonDawson

When I change those two options to '0' ALLOWSELFSIGNEDSERVERCERT=0; CAISSUEDCERTNAMESMISMATCH=0 (so that the driver checks the trusted CA list), it still works and I don't get any error. It seems that this folder is somewhere on server.

 

SAS Employee
Posts: 61

Re: Where is .pem file

This is perhaps something to discuss with Cloudera support. The driver is created by Cloudera. Likely its using one of the more common TLS/SSL implementations and it will be also loading up certificates from a default location also in addition to the user specified trusted certificates. You could attach a syscall tracer and trace the open syscall for the session and you'll see it if its loaded.
Ask a Question
Discussion stats
  • 3 replies
  • 155 views
  • 1 like
  • 2 in conversation