SSLCALISTLOC= points
to one file that contains a list of root certificates. Environment
variables SSLCACERTDIR and SSL_CERT_DIR point to a directory that
contains all of the public certificate files of all CAs in the trust
chain. One file exists for each CA in the trust chain.
Certificates must be
in one of the following locations:
-
All certificates must be in one file in
PEM format that is referenced by the SSLCALISTLOC= system option. The system options
are specified in the server's invocation command.
In
the third maintenance release of SAS 9.4, the sasv9.cfg
file in UNIX deployments includes the SSLCALISTLOC option for server
side processes to use for certificate validation. In the
<SASHome>/SASFoundation/9.4/sasv9.cfg file,
the SSLCALISTLOC option now points to
<SASHome>/SASSecurityCertificateFramework/1.1/cacerts/trustedcerts.pem.
The file where the trusted certificates reside is named trustedcacerts.pem.
For syntax, see SSLCALISTLOC= System Option.
-
On UNIX, all certificates must
be in an OpenSSL CA certificates directory pointed to by the SSL_CERT_DIR
or SSLCACERTDIR environment variables.
SSL_CERT_DIR is the OpenSSL environment variable and SSLCACERTDIR is the SAS environment
variable. The layout of this directory is specified by OpenSSL where the certificates
are in PEM format.
If you use SSL_CERT_DIR
or SSLCACERTDIR, create a link to the file named after the certificate’s
hash value.
$ ln -s SAS-configuration-directory/certs/cacert1.pem
'openssl x509 -noout -hash -in
SAS-configuration-directory/certs/cacert.pem'.0
Note: You must add ".0"
to the hash value.