TLS for SAS/SHARE on UNIX: Example

Start-up of a Multi-User SAS/SHARE Server

After certificates for the CA, the server, and the client have been generated, and a CA trust list for the client has been created, you can start a SAS/SHARE server.
Here is an example of starting a secured SAS/SHARE server:
%let tcpsec=_secure_;
options netencryptalgorithm=ssl;
options sslcertloc="/users/johndoe/certificates/server.pem";
options sslpvtkeyloc="/users/johndoe/certificates/serverkey.pem";
options sslpvtkeypass="password";
proc server id=shrserv; 
run;
The following table lists the SAS option or statement that is used for each task to start a server.
SAS Options and Statements for Server Start-Up Tasks

| SAS Options and Statements | Server Start-Up Tasks |
| --- | --- |
| TCPSEC=_SECURE_ | Secures the server |
| NETENCRALG=SSL | Specifies SSL as the encryption algorithm |
| SSLCERTLOC=server.pem | Specifies the file path for the location of the server's certificate |
| SSLPVTKEYLOC=serverkey.pem | Specifies the file path for the location of the server's private key |
| SSLPVTKEYPASS="password" | Specifies the password to access the server's private key |
| PROC SERVER ID=shrserv | Starts the server |

Note: As an alternative to using the SSLPVTKEYPASS= option to protect the private key, you might prefer to leave the private key unencrypted and use file system permissions to prevent Read and Write access to the file that contains it. To store the private key without encrypting it, use the -NODES option when requesting the certificate.
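
One way to check the file-permission approach in the note above, as an added example that is not from the SAS documentation: a Python audit that fails an unencrypted PEM key that group or other can access. The function names, the WARN/FAIL levels, and the placeholder key files are assumptions constructed for illustration; run it as the account that starts the server.

```python
import os
import stat
import tempfile

# PEM markers of a passphrase-protected key (PKCS#8 and legacy OpenSSL formats).
ENCRYPTED_MARKERS = ("BEGIN ENCRYPTED PRIVATE KEY", "Proc-Type: 4,ENCRYPTED")

def audit_private_key(path):
    """Return findings for a PEM private key file; an empty list means it passed."""
    st = os.stat(path)
    if not stat.S_ISREG(st.st_mode):
        return ["FAIL: not a regular file"]
    with open(path, "r", errors="replace") as fh:
        encrypted = any(marker in fh.read() for marker in ENCRYPTED_MARKERS)
    findings = []
    mode = stat.S_IMODE(st.st_mode)
    if mode & (stat.S_IRWXG | stat.S_IRWXO):
        # With no passphrase, file permissions are the only protection left.
        level = "WARN" if encrypted else "FAIL"
        findings.append(f"{level}: mode {mode:04o} lets group/other access the key")
    if st.st_uid != os.geteuid():
        findings.append(f"WARN: owned by uid {st.st_uid}, not the auditing account")
    parent = os.stat(os.path.dirname(os.path.abspath(path)))
    if stat.S_IMODE(parent.st_mode) & (stat.S_IWGRP | stat.S_IWOTH):
        # A writable directory lets another account replace the key file.
        findings.append("WARN: parent directory is group/other writable")
    return findings

def demo():
    """Audit constructed key files (placeholder bodies, not real keys)."""
    plain = "-----BEGIN PRIVATE KEY-----\nPLACEHOLDER\n-----END PRIVATE KEY-----\n"
    locked = plain.replace("PRIVATE KEY", "ENCRYPTED PRIVATE KEY")
    results = {}
    with tempfile.TemporaryDirectory() as d:
        for name, body, mode in (("plain_644", plain, 0o644),
                                 ("plain_600", plain, 0o600),
                                 ("encrypted_644", locked, 0o644)):
            path = os.path.join(d, name + ".pem")
            with open(path, "w") as fh:
                fh.write(body)
            os.chmod(path, mode)
            results[name] = audit_private_key(path)
    return results

if __name__ == "__main__":
    for name, findings in demo().items():
        print(name, findings or "OK")
```

An encrypted key with loose permissions is reported as WARN rather than FAIL because the passphrase still protects it, but the passphrase then sits in the SAS start-up code and needs the same file protection.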

SAS/SHARE Client Access of a SAS/SHARE Server

After a SAS/SHARE server has been started, the client can access it.
Here is an example of how to make a client connection to a secured SAS/SHARE server:
options sslcalistloc="/users/johndoe/certificates/cacerts.pem";
%let machine=apex.server.com;
libname a '.' server=machine.shrserv user=_prompt_;
The following table lists the SAS options that are used to access a SAS/SHARE server from a client.
SAS Options and Arguments for Accessing a SAS/SHARE Server from a Client

| SAS Options and Arguments | Client Access Tasks |
| --- | --- |
| SSLCALISTLOC=cacerts.pem | Specifies the CA trust list |
| SERVER=machine.shrserv | Specifies the machine and server to connect to |
| USER=_PROMPT_ | Prompts for the user ID and password to be used for authenticating the client to the server |

The server-ID and the server's Common Name, which was specified in the server's certificate, must be identical.