Encryption Technologies: Examples
Startup of a Multi-User SAS/SHARE Server
After certificates for the CA, the server, and the client have been generated, and a CA trust list for the client has been created, you can start a SAS/SHARE server.
Here is an example of starting a secured SAS/SHARE server:
```sas
%let tcpsec=_secure_;
options netencryptalgorithm=ssl;
options sslcertloc="/users/johndoe/certificates/server.pem";
options sslpvtkeyloc="/users/johndoe/certificates/serverkey.pem";
options sslpvtkeypass="password";
proc server id=shrserv authenticate=opt;
run;
```
The following table lists the SAS option or statement that is used for each task to start a server.
SAS Options and Statements | Server Start-Up Tasks |
---|---|
TCPSEC= _SECURE_ | Secures the server |
NETENCRALG=SSL | Specifies SSL as the encryption algorithm |
SSLCERTLOC=server.pem | Specifies the file path for the location of the server's certificate |
SSLPVTKEYLOC=serverkey.pem | Specifies the file path for the location of the server's private key |
SSLPVTKEYPASS="password" | Specifies the password to access the server's private key |
PROC SERVER ID=shrserv | Starts the server |
AUTHENTICATE=opt | Allows trusted users to access the server without authentication |
Note: As an alternative to using the SSLPVTKEYPASS= option to protect the private key, you might prefer that the private key remain unencrypted, and use the file system permissions to prevent read and write access to the file that contains the private key. To store the private key without encrypting it, use the -NODES option when requesting the certificate.
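As an added example (not part of the SAS documentation), the following Python pre-flight check illustrates the note above: it reports whether a PEM private key file is passphrase-protected and whether its mode bits allow group or other access, which is critical when the key is stored unencrypted. It assumes a POSIX file system and that it runs as the account that starts the server; the function names and the sample PEM text are constructed for illustration.

```python
import os
import stat
import tempfile

# Constructed samples: placeholder bodies, not real key material.
PLAIN_KEY = "-----BEGIN PRIVATE KEY-----\nQ09OU1RSVUNURUQ=\n-----END PRIVATE KEY-----\n"
ENCRYPTED_KEY = ("-----BEGIN RSA PRIVATE KEY-----\nProc-Type: 4,ENCRYPTED\n"
                 "DEK-Info: AES-256-CBC,00000000000000000000000000000000\n\n"
                 "Q09OU1RSVUNURUQ=\n-----END RSA PRIVATE KEY-----\n")


def pem_key_is_encrypted(pem_text):
    """True if the PEM private key is passphrase-protected."""
    # PKCS#8 has its own label; the traditional format adds a Proc-Type header.
    return ("-----BEGIN ENCRYPTED PRIVATE KEY-----" in pem_text
            or "Proc-Type: 4,ENCRYPTED" in pem_text)


def audit_private_key(path):
    """Return findings for the key file at `path`; an empty list means OK."""
    findings = []
    st = os.stat(path)
    mode = stat.S_IMODE(st.st_mode)
    with open(path, encoding="ascii", errors="replace") as fh:
        encrypted = pem_key_is_encrypted(fh.read())
    if mode & (stat.S_IRWXG | stat.S_IRWXO):
        # With an unencrypted key the mode bits are the only protection.
        severity = "warning" if encrypted else "critical"
        findings.append(f"{severity}: mode {mode:04o} allows group/other access")
    if st.st_uid != os.geteuid():
        findings.append(f"warning: owned by uid {st.st_uid}, not the server account")
    return findings


def write_sample(directory, name, text, mode):
    """Write a constructed sample key file with the given permission bits."""
    path = os.path.join(directory, name)
    with open(path, "w", encoding="ascii") as fh:
        fh.write(text)
    os.chmod(path, mode)
    return path


if __name__ == "__main__":
    samples = [("locked.pem", PLAIN_KEY, 0o600), ("open.pem", PLAIN_KEY, 0o644),
               ("enc.pem", ENCRYPTED_KEY, 0o640)]
    with tempfile.TemporaryDirectory() as d:
        for name, text, mode in samples:
            print(name, audit_private_key(write_sample(d, name, text, mode)))
```

An empty list for the key file means the file-permission alternative described in the note is in effect for that file.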
SAS/SHARE Client Access of a SAS/SHARE Server
After a SAS/SHARE server has been started, the client can access it.
Here is an example of how to make a client connection to a secured SAS/SHARE server:
```sas
options sslcalistloc="/users/johndoe/certificates/cacerts.pem";
%let machine=apex.server.com;
libname a '.' server=machine.shrserv user=_prompt_;
```
The following table lists the SAS options that are used to access a SAS/SHARE server from a client.
SAS Options and Arguments | Client Access Tasks |
---|---|
SSLCALISTLOC=cacerts.pem | Specifies the CA trust list |
SERVER=machine.shrserv | Specifies the machine and server to connect to |
USER=_PROMPT_ | Prompts for the user ID and password to be used for authenticating the client to the server |
The server-ID and the server's Common Name, which was specified in the server's certificate, must be identical.
Copyright © 2010 by SAS Institute Inc., Cary, NC, USA. All rights reserved.