Architecting, installing and maintaining your SAS environment

sas9.3 conent server https vaildation

Reply
Contributor
Posts: 45

sas9.3 conent server https vaildation

when we configured our jboss for https acees as the jboss document we couldn't validate sas conent server after modifing smc.ini file

"the pdf file say edit sasmc.ini file but it's not exist i only see smc.ini"

 

[7/17/13 7:00 AM] INFO: Starting simple validation for WebDAV server (level 1) - ping

[7/17/13 7:00 AM] INFO: Ping successful!

[7/17/13 7:00 AM] INFO: Starting extended validation for WebDAV server (level 1) - Making a connection

[7/17/13 7:00 AM] INFO: Path: 'https://sas93:8443/SASContentServer/repository/default/sasfolders/'

[7/17/13 7:00 AM] SEVERE: Exception accessing https://sas93:8443 (sun.security.validator.ValidatorException: PKIX path building failed: sun.security.providererror.png.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target)

 

PROC Star
Posts: 426

Re: sas9.3 conent server https vaildation

Posted in reply to SASuser19

Are you following the instruction in the Configuring One-Way SSL Authentication section in Configuring the JBoss Application Server for Secure Sockets Layer and Client-Certificate Authentication on SAS® 9.3 Enterprise BI Server Web Applications at https://support.sas.com/resources/thirdpartysupport/v93/appservers/ConfigureJBossforSSLandClient-Cer...

 

If so, I think you may have sasmc.ini and smc.ini mixed up in your statement "the pdf file say edit sasmc.ini file but it's not exist i only see smc.ini". The PDF (above) mentions smc.ini but in my installation the file is sasmc.ini (i.e. there is a typo in the PDF).

 

I have seen that PKIX message many times and it usually means that the server certificate offered by the web (application) server (JBoss in this instance) is not trusted, in that the required certificate-authority (CA) certificate in the chain of trust cannot be found in the JRE's trust store. There are 2 ways to resolve this 1) update the default JRE trust store JREHOME/lib/security/cacerts to add the CA cert so all applications using that JRE can use it or 2) direct a Java application to use a specific keystore using the javax.net.ssl.trustStore* system properties as describe in the SAS PDF on page 11

 

You can tell which JRE SASMC is using by looking in the sasmc.ini file. It usually refers to JREHOME which is defined in the included sassw.config in the SAS home dir (usually 2 directories above sasmc.ini).

Ask a Question
Discussion stats
  • 1 reply
  • 357 views
  • 1 like
  • 2 in conversation