Preparation for Setting Up Digital Certificates :: Encryption in SAS® 9.4, Sixth Edition

The process of setting up TLS on UNIX involves setting up Digital Certificates. The following are steps that you need to take and information that you need to know to request digital certificates and to add the certificates to a CA trust list of certificates.

In the third maintenance release of SAS 9.4, the process for adding certificates to the trusted CA list has been made easier. You can now use the SAS Deployment Manager at SAS installation to add your existing digital certificates to the Trusted Certificate Bundle of Mozilla certificates (trustedcerts.pem). For more information, see Add Your Certificates to the Trusted CA Bundle.

Here is much of the process that needs to happen to set up digital certificates:

If your server comes with an instance of OpenSSL, locate that directory. You will need that information to set UNIX environment variable OPENSSL_CONF=.
Create a system (database or other) to keep track of your signed certificates.
Create an openssl.cnf file. This is optional. This file stores the locations of your CA keys. For a partial example of this file, see Example of an OpenSSL.cnf File .
To prepare the certificate(s) to add to the trusted CA bundle, you can, as needed, create a root certificate. See Setting Up Digital Certificates Using OpenSSL .
To prepare the certificate(s) to add to the trusted CA bundle, you can, as needed, create a certificate trust list and verify it using the instructions provided. See Step 5. Create a Certificate Chain in PEM Format Using OpenSSL and Step 6. Verify Certificates in the Trust Chain Using OpenSSL.
Use the SAS Deployment Manager after SAS installation to add your root and intermediate certificates to the trusted CA bundle and validate the certificates. See Add Your Certificates to the Trusted CA Bundle.