DQM
Fluorite | Level 6

Hi,

A warning indicating ‘Your connection to this site is not secure’ is received when accessing the SAS Viya URL after a successful deployment without authorized IP ranges (Version: Stable 2024.08 Release: 20240925.1727250373280).

Please find the error information attached below.

 

Because I did not set authorized IP ranges during the deployment, SAS Viya configured TLS for data in motion security to use a certificate generated by an open certificate authority - Let’s Encrypt, according to the FAQ (https://go.documentation.sas.com/doc/en/viyaakscdc/v_001/viyaaksfaq/n09skbpwwk7m4vn122eufqzw4mgr.htm).

 

How can I confirm that the certificate generated by Let’s Encrypt is functioning properly? If the unsecured connection warning persists, please provide guidance on resolving this issue.

Thank you in advance for your assistance. 

 

The error info received from Microsoft Edge when accessing the URL is attached below.

Your connection isn't private

Attackers might be trying to steal your information from (redacted).(redacted).cloudapp.azure.com (for example, passwords, messages, or credit cards). Learn more about this warning

net::ERR_CERT_AUTHORITY_INVALID

Subject:

Issuer: sas-viya-root-ca-certificate

Expires on: Dec 24, 2024

Current date: Sep 25, 2024

PEM encoded chain:

-----BEGIN CERTIFICATE-----

(redacted)

-----END CERTIFICATE-----

 

cj_blake
SAS Employee

Hi @DQM I wonder whether or not you may have accidentally ticked the "set authorized IP ranges" box, but left an open range? Something like this:

 

cj_blake_0-1727377813636.png

That would be enough within our deployment mechanism to switch from using the Let's Encrypt certificate issuer to using self-signed certificates.

 

If you are using restricted IP ranges and you want to make the certificate warnings go away you can follow the instructions that we have published on importing the self-signed CA certificate into a certificate store.

 

DQM
Fluorite | Level 6

Hi cj_blake,

Thanks for helping me with troubleshooting.

I don't think I accidentally checked the box for setting authorized IP ranges during this deployment.

To confirm this, I checked the "parameters and outputs" of the managed application (SAS Viya) in Azure. The boolean value for the useIpAllowlist parameter is empty, although ipAllowlist does show 0.0.0.0/0. I believe if I selected authorized IP ranges during the deployment, the value for useIpAllowlist would be "True".

 

DQM_0-1727378446738.png

 

cj_blake
SAS Employee

Oh that's interesting. We check for an explicit "False" there. I don't know why that bool would be blank!

 

Have you tried doing another deployment?

DQM
Fluorite | Level 6

Good to know that the value of ipAllowlist should be "False" if I don't select authorized IP ranges. I will do another deployment without IP ranges selected and check the ipAllowlist after deployment. 

DQM
Fluorite | Level 6

I redeployed SAS Viya without authorized IP ranges and encountered the same unsecure connection issue. 

 

 

Authorized IP Ranges was not ticked (the name was redacted). 

DQM_1-1727446708108.png

 

 

No explicit "False" value for useIpAllowlist

DQM_0-1727446286597.png

 

DQM
Fluorite | Level 6

Hi @cj_blake 

I just deployed the Oct version (Version: Stable 2024.09 Release: 20241004.1728056818357) and still have the same issue - the value of "useIpAllowlist" is not "False". This leads to the unsecure connection warning.

DQM_0-1728084446279.png

So, my current workaround is to import the self-signed CA certificate into a local certificate store by following the instructions here https://go.documentation.sas.com/doc/en/viyaakscdc/v_001/viyaakstasks/n1ecr6sfxugizan1fte2gtme0ro8.h....

Hope a future release can fix this issue.

JuanS_OCS
Amethyst | Level 16

Hello @DQM ,

 

As far as I know, this is not a Viya issue, but a general issue with client-server certificates.

 

I will keep the long story short: you need to generate supported CA-based certificates whose CA is in your client (browser/CLI/OS).

If you generate self-signed certificates rather than CA-issued ones, you will need to import those certificates into the right certificate store of your client (browser/CLI/OS).

 

Only then does the handshake work properly, and the connection between client and server will be seen as secure.
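
Added example (not part of the thread and not SAS code): one way to confirm which CA issued the certificate a Viya endpoint serves and whether the local OpenSSL trust store accepts it. The function names and the sample reports are constructed for illustration; only the issuer name `sas-viya-root-ca-certificate` and the expiry date come from the error shown in the thread.

```shell
#!/bin/sh
# Added example: identify the issuing CA of a served certificate and whether
# this machine's OpenSSL trust store accepts the chain.

# Print issuer, expiry and OpenSSL's verification verdict for host $1.
# Needs network access, so it is defined here but not called.
fetch_cert_report() {
  out=$(openssl s_client -connect "$1:443" -servername "$1" </dev/null 2>/dev/null)
  printf '%s\n' "$out" | openssl x509 -noout -issuer -enddate
  printf '%s\n' "$out" | grep 'Verify return code:'
}

# Read such a report on stdin and print "<ca> <trust>".
classify_report() {
  report=$(cat)
  issuer=$(printf '%s\n' "$report" | sed -n 's/^issuer=//p' | head -n 1)
  code=$(printf '%s\n' "$report" |
    sed -n 's/^ *Verify return code: *\([0-9][0-9]*\).*/\1/p' | head -n 1)
  case "$issuer" in
    *"Let's Encrypt"*)              ca="lets-encrypt" ;;
    *sas-viya-root-ca-certificate*) ca="viya-self-signed-ca" ;;
    *)                              ca="other" ;;
  esac
  # Code 0 means the chain verified against the local trust store.
  if [ "$code" = "0" ]; then trust="trusted"; else trust="untrusted"; fi
  printf '%s %s\n' "$ca" "$trust"
}

# Constructed sample reports (not captured from a real deployment).
SAMPLE_SELF_SIGNED="issuer=CN = sas-viya-root-ca-certificate
notAfter=Dec 24 00:00:00 2024 GMT
Verify return code: 19 (self-signed certificate in certificate chain)"

SAMPLE_LETS_ENCRYPT="issuer=C = US, O = Let's Encrypt, CN = R11
notAfter=Dec 24 00:00:00 2024 GMT
Verify return code: 0 (ok)"

printf '%s\n' "$SAMPLE_SELF_SIGNED" | classify_report
printf '%s\n' "$SAMPLE_LETS_ENCRYPT" | classify_report
```

Against a live deployment, pipe `fetch_cert_report <hostname>` into `classify_report`. The verdict reflects the OpenSSL trust store on the machine running it, which can differ from the store the browser uses.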
