 |
|
| Encryption Technologies: Examples |
SSL for a SAS/CONNECT Windows Spawner: Example
| Startup of a Windows Spawner on a Single-User SAS/CONNECT Server |
After digital certificates for the CA, the server, and the client have been generated and imported into the appropriate Certificate Store, you can start a spawner program that runs on a server that SAS/CONNECT clients connect to.
Here is an example of how to start a Windows spawner on a SAS/CONNECT server:
spawner -security -netencryptalgorithm ssl -sslcertsubj "apex.pc.com" -sascmd mysas.bat
The following table shows the SAS commands that are used to start a spawner on a SAS/CONNECT single-user server.
| SAS Command and Arguments | Function |
|---|---|
| spawner | Starts the spawner |
| -security | Specifies the requirement that a client provide a user name and password to access the spawner |
| -netencryptalgorithm ssl | Specifies the SSL encryption algorithm |
| -sslcertsubj "apex.pc.com" | Specifies the subject name that is used to search for a certificate from the Microsoft Certificate Store |
| -sascmd mysas.bat | Specifies the name of an executable file that starts a SAS session when you sign on without a script file |
In order for the Windows spawner to locate the appropriate server digital certificate in the Microsoft Certificate Store, you must specify the -SSLCERTSUBJ system option in the script that is specified by the -SASCMD option. -SSLCERTSUBJ specifies the subject name of the digital certificate that SSL should use. The subject that is assigned to the -SSLCERTSUBJ option and the computer that is specified in the client signon must be identical.
If the Windows spawner is started as a service, the -SERVPASS and -SERVUSER options must also be specified in the Windows spawner start-up command in order for SSL to locate the appropriate CA digital certificate.
For complete information about starting a Windows spawner, see Communications Access Methods for SAS/CONNECT and SAS/SHARE.
| Connection of a SAS/CONNECT Client to a Windows Spawner on a SAS/CONNECT Server |
After a spawner has been started on a SAS/CONNECT server, a SAS/CONNECT client can connect to it.
Here is an example of how to make a client connection to a Windows spawner that is running on a SAS/CONNECT server:
options comamid=tcp netencryptalgorithm=ssl; %let machine=apex.pc.com; signon machine user=_prompt_;
The computer that is specified in the client signon and the subject (the -SSLCERTSUBJ option) that is specified at the server must be identical.
The following table shows the SAS options that are used to connect to a Windows spawner that runs on a SAS/CONNECT server.
| SAS Options, Statements, and Arguments | Function |
|---|---|
| COMAMID=tcp | Specifies the TCP/IP access method |
| NETENCRYPTALGORITHM=ssl | Specifies the encryption algorithm |
| SIGNON=server-ID | Specifies which server to connect to |
| USER=_PROMPT_ | Prompts for the user ID and password to be used for authenticating the client to the server |
The server-ID and the server's Common Name, which was specified in the server's digital certificate, must be identical.
|
|
Copyright © 2010 by SAS Institute Inc., Cary, NC, USA. All rights reserved.