68114 - Logging on to SAS® Studio V fails and the launcher server log shows the message "SSL Error: Missing CA trust list"

Problem Note 68114: Logging on to SAS® Studio V fails and the launcher server log shows the message "SSL Error: Missing CA trust list"

When you try to log on to SAS Studio V, the following error occurs:

Failed to authenticate to Launcher Server

In this scenario, the launcher server logs show an error message similar to the following:

2021-05-24T09:29:48,500 TRACE [00000019] App.tk.eam.ssl.openssl102 (sslopenssl2.c:1784) - checkCertPathFile: Enter, cipher=0x7f8bbdd75220, certPath=/opt/sas/spre/home/SASSecurityCertificateFramework, path=cacerts/trustedcerts.pem
2021-05-24T09:29:48,501 DEBUG [00000019] App.tk.eam.ssl.openssl102 (sslopenssl2.c:3940) - loadCACerts: CA List location not defined.
2021-05-24T09:29:48,501 DEBUG [00000019] App.tk.eam.ssl.openssl102 (sslopenssl2.c:2288) - ClientContextInit: Cannot load CA cert info.
2021-05-24T09:29:48,501 ERROR [00000019] App.tk.tcp.ssl (skstssl.c:1291) - Secure communications error status 807ff013 description "172.16.68.11: SSL Error: Missing CA trust list"

This issue most likely occurs due to one of the following:

SAS^® Viya^® was re-deployed in the environment and the deploy-cleanup.yml playbook was not run to clean or uninstall SAS Viya prior to re-installing.
The sas-certframe1.rpm was removed.

If the sas-certframe1.rpm was not installed or is missing during deployment, the certificate files that are needed in /opt/sas/spre/config/etc/SASSecurityCertificateFramework/ are never created.

As a workaround, perform the following steps to install the missing RPM and create the needed files:

Run the following command to create a text file that lists all the RPM packages to check if the sas-certframe1.rpm file is missing:

sudo rpm -qg SAS > /sas/install/viya_rpms.txt

Review the /sas/installviya_rpms.txt file and search for the sas-certframe1 rpm file. If it does not exist, you must install it:

yum install sas-certframe1

Create the following directory path if it does not already exist:

/opt/sas/spre/config/etc/SASSecurityCertificateFramework/cacerts

Installing the package does not copy some of the needed files into the new location that was created. Make a backup of the following directory:

/opt/sas/viya/config/etc/SASSecurityCertificateFramework/cacerts/

Copy the files from /opt/sas/viya/config/etc/SASSecurityCertificateFramework/cacerts/ into the /opt/sas/spre/config/etc/SASSecurityCertificateFramework/cacerts/ directory.
Make sure that the permissions and ownership of the newly copied files are correct. They should be as follows: -rw-r--r-- sas:sas
Restart SAS Services.

Operating System and Release Information

Product Family	Product	System	Product Release		SAS Release
			Reported	Fixed*	Reported	Fixed*
SAS System	SAS Viya	Linux for x64	3.5		Viya

* For software releases that are not yet generally available, the Fixed Release is the software release in which the problem is planned to be fixed.

Type:	Problem Note
Priority:	medium

Date Modified:	2021-07-07 08:12:46
Date Created:	2021-07-02 10:37:03

Support

Problem Note 68114: Logging on to SAS® Studio V fails and the launcher server log shows the message "SSL Error: Missing CA trust list"

Operating System and Release Information