70846 - SAS® 9.4M8 (TS1M8) client connections to SAS® Cloud Analytic Services fail with the error "Missing CA trust list"

Problem Note 70846: SAS® 9.4M8 (TS1M8) client connections to SAS® Cloud Analytic Services fail with the error "Missing CA trust list"

In SAS 9.4 M8, connections to SAS Cloud Analytic Services (CAS) in SAS^® Viya^® fail with an error similar to the following:

ERROR: The TCP/IP negClientSSL support routine failed with status 807ff013.

ERROR: SSL Error: Missing CA trust list

The error occurs even when the necessary CA certificates have been added to the SAS trusted CA bundle as described in Manage Certificates in the Trusted CA Bundle Using the SAS Deployment Manager in Encryption in SAS® 9.4.

To circumvent the problem, set the CAS_CLIENT_SSL_CA_LIST environment variable using the path to a file that contains all the necessary CA certificates. In most cases, the value is the same as the SSLCALISTLOC system option value.

Here is an example:

1. Use PROC OPTIONS to display the SSLCALISTLOC value in your SAS 9.4 environment:

  1? proc options option=SSLCALISTLOC; run;

    SAS (r) Proprietary Software Release 9.4  TS1M8

SSLCALISTLOC=/opt/sas/home/SASSecurityCertificateFramework/1.1/cacerts/trustedcerts.pem

 

The exact path depends on how the environment was deployed and might differ from the path shown above.

2. Use your SSLCALISTLOC path as the setting for the CAS_CLIENT_SSL_CA_LIST environment variable. You can use the SET system option in your SAS programs:

options set=CAS_CLIENT_SSL_CA_LIST=/opt/sas/home/SASSecurityCertificateFramework/1.1/cacerts/trustedcerts.pem;

Or you can set the environment variable globally for all SAS sessions in the SASFoundation/9.4/bin/sasenv_local file as follows:

export CAS_CLIENT_SSL_CA_LIST=/opt/sas/home/SASSecurityCertificateFramework/1.1/cacerts/trustedcerts.pem

Click the Hot Fix tab in this note to access the hot fix for this issue.

Operating System and Release Information

Product Family	Product	System	Product Release		SAS Release
Product Family	Product	System	Reported	Fixed*	Reported	Fixed*
SAS System	Base SAS	64-bit Enabled AIX	9.4_M8		9.4 TS1M8
		64-bit Enabled Solaris	9.4_M8		9.4 TS1M8
		HP-UX IPF	9.4_M8		9.4 TS1M8
		Linux for x64	9.4_M8		9.4 TS1M8
		Solaris for x64	9.4_M8		9.4 TS1M8

* For software releases that are not yet generally available, the Fixed Release is the software release in which the problem is planned to be fixed.

Type:	Problem Note
Priority:	high

Date Modified:	2024-08-09 10:41:26
Date Created:	2024-06-21 16:57:04

Support

Problem Note 70846: SAS® 9.4M8 (TS1M8) client connections to SAS® Cloud Analytic Services fail with the error "Missing CA trust list"

Operating System and Release Information