TLS on Windows: Validating Certificates between Clients and Servers

Clients and servers exchange and validate each other’s digital certificates. The following steps provide some details.
  1. Digital certificates for the CA, the server, and the client are generated and imported into the appropriate Certificate Store. Refer to TLS on Windows: Setting Up Digital Certificates.
  2. The Windows client verifies the TLS-enabled server’s certificate against the Certificate Authority (CA) list. The client has to know about all of the CAs in the server’s certificate chain in order to validate the server certificate. The Windows CA certificate is installed using Microsoft Certificate Services. The certificate must be a trusted root certificate in the user or machine certificate store.
  3. The client connects to a TLS-enabled server.
  4. The TLS-enabled server sends its certificate to the client. The Windows server certificate is installed using Microsoft Certificate Services and is located in the user or machine certificate store. SAS uses the SSLCERTISS/SSLCERTSERIAL or the SSLCERTSUBJ/SSLCERTISS system options to locate the server certificate.
    The system options are specified in the server's invocation command. For more information, see SAS System Options for Encryption.
  5. The server can also validate the client’s certificates. Refer to the previous steps.
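
The store conditions that steps 2 and 4 depend on can be checked from PowerShell before the server is started. This is an added example, not SAS code: the issuer and serial values are constructed placeholders, and the substring match on the issuer is an assumption about how to search the store, not a description of how SAS interprets SSLCERTISS.

```powershell
# Added example, not SAS code. Replace the placeholders with the issuer and
# serial number you intend to pass to SSLCERTISS / SSLCERTSERIAL.
$Issuer = 'CN=Example Issuing CA'      # placeholder (constructed)
$Serial = '00 aa 11 bb 22 cc 33 dd'    # placeholder (constructed)
$Stores = 'Cert:\LocalMachine\My', 'Cert:\CurrentUser\My'   # machine and user stores

# Normalise the serial to the form .NET reports: upper-case hex, no separators.
$wanted = ($Serial -replace '[\s:]', '').ToUpperInvariant()

$found = foreach ($store in $Stores) {
    Get-ChildItem -Path $store -ErrorAction SilentlyContinue | Where-Object {
        $_.SerialNumber -eq $wanted -and
        $_.Issuer.IndexOf($Issuer, [StringComparison]::OrdinalIgnoreCase) -ge 0
    }
}
if (-not $found) { Write-Warning "No certificate matches issuer/serial in $($Stores -join ', ')" }

foreach ($cert in $found) {
    # Build the chain as a Windows client would. Revocation checking stays at
    # the .NET default, so an unreachable CRL shows up in ChainStatus.
    $chain = New-Object System.Security.Cryptography.X509Certificates.X509Chain
    $built = $chain.Build($cert)
    $root  = if ($chain.ChainElements.Count -gt 0) {
        $chain.ChainElements[$chain.ChainElements.Count - 1].Certificate
    }
    $now = Get-Date
    [pscustomobject]@{
        Store           = $cert.PSParentPath -replace '^.*::', ''
        Subject         = $cert.Subject
        Thumbprint      = $cert.Thumbprint
        HasPrivateKey   = $cert.HasPrivateKey      # a server certificate needs its key
        InValidityRange = ($now -ge $cert.NotBefore -and $now -le $cert.NotAfter)
        ChainValid      = $built
        ChainStatus     = ($chain.ChainStatus | ForEach-Object { $_.Status }) -join ', '
        RootSubject     = if ($root) { $root.Subject }
        # Step 2: the last certificate in the chain must be in a Trusted Root store.
        RootIsTrusted   = [bool]($root -and (
            (Test-Path "Cert:\LocalMachine\Root\$($root.Thumbprint)") -or
            (Test-Path "Cert:\CurrentUser\Root\$($root.Thumbprint)")))
    }
}
```

A row with `ChainValid` or `RootIsTrusted` set to `False` means a client using that store would reject the certificate; more than one row means the issuer and serial pair is present in both the user and machine stores.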