BookmarkSubscribeRSS Feed
SASuser19
Quartz | Level 8

when we configured our jboss for https acees as the jboss document we couldn't validate sas conent server after modifing smc.ini file

"the pdf file say edit sasmc.ini file but it's not exist i only see smc.ini"

 

[7/17/13 7:00 AM] INFO: Starting simple validation for WebDAV server (level 1) - ping

[7/17/13 7:00 AM] INFO: Ping successful!

[7/17/13 7:00 AM] INFO: Starting extended validation for WebDAV server (level 1) - Making a connection

[7/17/13 7:00 AM] INFO: Path: 'https://sas93:8443/SASContentServer/repository/default/sasfolders/'

[7/17/13 7:00 AM] SEVERE: Exception accessing https://sas93:8443 (sun.security.validator.ValidatorException: PKIX path building failed: sun.security.providererror.png.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target)

 

1 REPLY 1
PaulHomes
Rhodochrosite | Level 12

Are you following the instruction in the Configuring One-Way SSL Authentication section in Configuring the JBoss Application Server for Secure Sockets Layer and Client-Certificate Authentication on SAS® 9.3 Enterprise BI Server Web Applications at https://support.sas.com/resources/thirdpartysupport/v93/appservers/ConfigureJBossforSSLandClient-Cer...

 

If so, I think you may have sasmc.ini and smc.ini mixed up in your statement "the pdf file say edit sasmc.ini file but it's not exist i only see smc.ini". The PDF (above) mentions smc.ini but in my installation the file is sasmc.ini (i.e. there is a typo in the PDF).

 

I have seen that PKIX message many times and it usually means that the server certificate offered by the web (application) server (JBoss in this instance) is not trusted, in that the required certificate-authority (CA) certificate in the chain of trust cannot be found in the JRE's trust store. There are 2 ways to resolve this 1) update the default JRE trust store JREHOME/lib/security/cacerts to add the CA cert so all applications using that JRE can use it or 2) direct a Java application to use a specific keystore using the javax.net.ssl.trustStore* system properties as describe in the SAS PDF on page 11

 

You can tell which JRE SASMC is using by looking in the sasmc.ini file. It usually refers to JREHOME which is defined in the included sassw.config in the SAS home dir (usually 2 directories above sasmc.ini).

suga badge.PNGThe SAS Users Group for Administrators (SUGA) is open to all SAS administrators and architects who install, update, manage or maintain a SAS deployment. 

Join SUGA 

CLI in SAS Viya

Learn how to install the SAS Viya CLI and a few commands you may find useful in this video by SAS’ Darrell Barton.

Find more tutorials on the SAS Users YouTube channel.

Discussion stats
  • 1 reply
  • 1218 views
  • 1 like
  • 2 in conversation