Problem Note 64284: SAS® Viya® microservices fail to start with a message indicating that there was a problem with the trustedcerts.pem file
SAS Viya microservices fail to start. When you encounter this issue, the logs contain a message similar to the following:
org.postgresql.util.PSQLException: Loading the SSL root certificate /opt/sas/viya/config/etc/SASSecurityCertificateFramework/cacerts/trustedcerts.pem into a TrustManager failed.
To identify the source of the problem, examine the .pem file that was identified in the error message. For example, the file might be something similar to /opt/sas/viya/config/etc/SASSecurityCertificateFramework/cacerts/trustedcerts.pem. Each certificate block in the file should be wrapped in BEGIN CERTIFICATE and END CERTIFICATE tags as shown in this example:
-----BEGIN CERTIFICATE-----
MIIClDCCAhqgAwIBAgIILCmcWxbtBZUwCgYIKoZIzj0EAwIwfzELMAkGA1UEBhMC
VVMxDjAMBgNVBAgMBVRleGFzMRAwDgYDVQQHDAdIb3VzdG9uMRgwFgYDVQQKDA9T
U0wgQ29ycG9yYXRpb24xNDAyBgNVBAMMK1NTTC5jb20gRVYgUm9vdCBDZXJ0aWZp
Y2F0aW9uIEF1dGhvcml0eSBFQ0MwHhcNMTYwMjEyMTgxNTIzWhcNNDEwMjEyMTgx
NTIzWjB/MQswCQYDVQQGEwJVUzEOMAwGA1UECAwFVGV4YXMxEDAOBgNVBAcMB0hv
dXN0b24xGDAWBgNVBAoMD1NTTCBDb3Jwb3JhdGlvbjE0MDIGA1UEAwwrU1NMLmNv
bSBFViBSb290IENlcnRpZmljYXRpb24gQXV0aG9yaXR5IEVDQzB2MBAGByqGSM49
AgEGBSuBBAAiA2IABKoSR5CYG/vvw0AHgyBO8TCCogbR8pKGYfL2IWjKAMTH6kMA
VIbc/R/fALhBYlzccBYy3h+Z1MzFB8gIH2EWB1E9fVwHU+M1OIzfzZ/ZLg1Kthku
WnBaBu2+8KGwytAJKaNjMGEwHQYDVR0OBBYEFFvKXuXe0oGqzagtZFG22XKbl+ZP
MA8GA1UdEwEB/wQFMAMBAf8wHwYDVR0jBBgwFoAUW8pe5d7SgarNqC1kUbbZcpuX
5k8wDgYDVR0PAQH/BAQDAgGGMAoGCCqGSM49BAMCA2gAMGUCMQCK5kCJN+vp1RPZ
ytRrJPOwPYdGWBrssd9v+1a6cGvHOMzosYxPD/fxZ3YOg9AeUY8CMD32IygmTMZg
h5Mmm7I1HrrW9zzRHM76JTymGoEVW/MSD2zuZYrJh6j5B+BimoxcSg==
-----END CERTIFICATE-----
A certificate block that is missing a BEGIN CERTIFICATE or END CERTIFICATE tag indicates that truncation has occurred. These missing tags lead to an invalid certificate in the file as shown in this example:
WnBaBu2+8KGwytAJKaNjMGEwHQYDVR0OBBYEFFvKXuXe0oGqzagtZFG22XKbl+ZP
MA8GA1UdEwEB/wQFMAMBAf8wHwYDVR0jBBgwFoAUW8pe5d7SgarNqC1kUbbZcpuX
5k8wDgYDVR0PAQH/BAQDAgGGMAoGCCqGSM49BAMCA2gAMGUCMQCK5kCJN+vp1RPZ
ytRrJPOwPYdGWBrssd9v+1a6cGvHOMzosYxPD/fxZ3YOg9AeUY8CMD32IygmTMZg
h5Mmm7I1HrrW9zzRHM76JTymGoEVW/MSD2zuZYrJh6j5B+BimoxcSg==
-----END CERTIFICATE-----
To work around the problem, manually remove the truncated certificate block from the trustedcerts.pem file and restart the failing service. Alternatively, use the sas_viya_playbook/utility/rebuild-trust-stores.yml playbook to rebuild all certificate files.
Click the Hot Fix tab in this note for a link to instructions about accessing and applying the software update.
Operating System and Release Information
SAS System | SAS Viya | Linux for x64 | 3.4 | | | |
Microsoft® Windows® for x64 | 3.4 | | | |
*
For software releases that are not yet generally available, the Fixed
Release is the software release in which the problem is planned to be
fixed.
When SAS Viya microservices fail to start, check the log for a message similar to the following: "org.postgresql.util.PSQLException: Loading the SSL root certificate /opt/sas/viya/config/etc/SASSecurityCertificateFramework/cacerts/trustedcerts.pem into a TrustManager failed."
Type: | Problem Note |
Priority: | high |
Date Modified: | 2019-06-20 09:35:43 |
Date Created: | 2019-06-03 18:10:25 |