Hi,
A warning indicating ‘Your connection to this site is not secure’ is received when accessing the SAS Viya URL after a successful deployment without authorized IP ranges (Version: Stable 2024.08 Release: 20240925.1727250373280).
Please find the error information attached below.
Because I did not set authorized IP ranges during the deployment, SAS Viya configured TLS for data in motion security to use a certificate generated by an open certificate authority - Let’s Encrypt, according to the FAQ ( https://go.documentation.sas.com/doc/en/viyaakscdc/v_001/viyaaksfaq/n09skbpwwk7m4vn122eufqzw4mgr.htm),.
How can I confirm that the certificate generated by Let’s Encrypt is functioning properly? If the unsecured connection warning persists, please provide guidance on resolving this issue.
Thank you in advance for your assistance.
The error info received from Microsoft Edge when accessing the URL is attached below.
Your connection isn't private Attackers might be trying to steal your information from (redacted).(redacted).cloudapp.azure.com (for example, passwords, messages, or credit cards). Learn more about this warning net::ERR_CERT_AUTHORITY_INVALID Subject: Issuer: sas-viya-root-ca-certificate Expires on: Dec 24, 2024 Current date: Sep 25, 2024 PEM encoded chain:-----BEGIN CERTIFICATE----- (redacted) -----END CERTIFICATE-----
Hi @DQM I wonder whether or not you may have accidentally ticked the "set authorized IP ranges" box, but left an open range? Something like this:
That would be enough within our deployment mechanism to switch from using the Let's Encrypt certificate issuer to using self-signed certificates.
If you are using restricted IP ranges and you want to make the certificate warnings go away you can follow the instructions that we have published on importing the self-signed CA certificate into a certificate store.
Hi cj_blake,
Thanks for helping me with trouble-shooting.
I don't think I accidentally checked the box for setting authorized IP ranges during this deployment.
To confirm this, I checked the "parameters and outputs" of the managed application (SAS Viya) in Azure. The boolean value for useIpAllowlist parameter is empty although ipAllowlist does show 0.0.0.0/0. I believe if I selected authorized IP ranges during the deployment, the value for useIpAllowlist would be "True".
Oh that's interesting. We check for an explicit "False" there. I don't know why that bool would be blank!
Have you tried doing another deployment?
Good to know that the value of ipAllowlist should be "False" if I don't select authorized IP ranges. I will do another deployment without IP ranges selected and check the ipAllowlist after deployment.
I redeployed SAS Viya without authorized IP ranges and encountered the same unsecure connection issue.
Authorized IP Ranges was not ticked (the name was redacted).
no explicit "False" value for useIpAloowlist
Are you ready for the spotlight? We're accepting content ideas for SAS Innovate 2025 to be held May 6-9 in Orlando, FL. The call is open until September 25. Read more here about why you should contribute and what is in it for you!