Certificate Locations

SSLCALISTLOC= points to one file that contains a list of root certificates. Environment variables SSLCACERTDIR and SSL_CERT_DIR point to a directory that contains all of the public certificate files of all CAs in the trust chain. One file exists for each CA in the trust chain.
Certificates must be in one of the following locations:
  • All certificates must be in one file in PEM format that is referenced by the SSLCALISTLOC= system option. The system options are specified in the server's invocation command.
    In the third maintenance release of SAS 9.4, the sasv9.cfg file in UNIX deployments includes the SSLCALISTLOC option for server-side processes to use for certificate validation. In the <SASHome>/SASFoundation/9.4/sasv9.cfg file, the SSLCALISTLOC option now points to <SASHome>/SASSecurityCertificateFramework/1.1/cacerts/trustedcerts.pem. The file where the trusted certificates reside is named trustedcacerts.pem. For syntax, see SSLCALISTLOC= System Option.
  • On UNIX, all certificates must be in an OpenSSL CA certificates directory pointed to by the SSL_CERT_DIR or SSLCACERTDIR environment variables.
    SSL_CERT_DIR is the OpenSSL environment variable and SSLCACERTDIR is the SAS environment variable. The layout of this directory is specified by OpenSSL where the certificates are in PEM format.
    If you use SSL_CERT_DIR or SSLCACERTDIR, create a symbolic link to each certificate file and name the link after the certificate's hash value. Compute the hash from the same file that the link points to.
    $ ln -s SAS-configuration-directory/certs/cacert1.pem \
      `openssl x509 -noout -hash -in SAS-configuration-directory/certs/cacert1.pem`.0
    Note: You must add ".0" to the hash value.
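
The same linking step applied to a whole CA directory, as an added example that is not part of the SAS documentation. It goes beyond the single command above by using the next free suffix (.1, .2, ...) when two certificates share a hash and by reporting links whose name no longer matches their certificate. The function names and the directory argument are assumptions.

```shell
#!/bin/sh
# Added example (not SAS-supplied). Requires the openssl command-line tool.
# link_ca_certs DIR   create <hash>.N links for every *.pem file in DIR
# check_ca_links DIR  return non-zero if any <hash>.N link is stale

link_ca_certs() {
    dir=$1
    [ -d "$dir" ] || { echo "not a directory: $dir" >&2; return 2; }
    for cert in "$dir"/*.pem; do
        [ -f "$cert" ] || continue          # glob matched nothing
        # A non-zero exit means the file is not a PEM X.509 certificate.
        hash=$(openssl x509 -noout -hash -in "$cert" 2>/dev/null) || {
            echo "skipped (not a PEM certificate): $cert" >&2
            continue
        }
        name=$(basename "$cert")
        n=0
        # Certificates with the same subject share a hash; use the next free suffix.
        while [ -e "$dir/$hash.$n" ] || [ -L "$dir/$hash.$n" ]; do
            # Already linked to this file: leave it alone.
            [ "$(readlink "$dir/$hash.$n")" = "$name" ] && continue 2
            n=$((n + 1))
        done
        ln -s "$name" "$dir/$hash.$n"       # relative link inside DIR
        echo "$hash.$n -> $name"
    done
    return 0
}

check_ca_links() {
    dir=$1
    bad=0
    for link in "$dir"/*.[0-9]*; do
        [ -L "$link" ] || continue
        # Recompute the hash of the link target and compare with the link name.
        want=$(openssl x509 -noout -hash -in "$link" 2>/dev/null) || want=invalid
        have=$(basename "$link")
        have=${have%.*}
        [ "$want" = "$have" ] || { echo "stale link: $link" >&2; bad=1; }
    done
    return $bad
}
```

Run check_ca_links after replacing or renewing a CA certificate: a link left pointing at a file whose hash has changed is not found during chain validation.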