In this article, I will provide you with a straightforward guide on how to change SSL certificates for SAS (Statistical Analysis System) in just a few simple steps. SAS is a widely used software suite for advanced analytics, and ensuring the security of data transmission is crucial in today’s digital landscape. By replacing SSL certificates, you can enhance the security of your SAS environment. This process involves a series of well-defined steps, including generating new certificates, updating configurations, and ensuring seamless continuity of services. Following this guide will enable you to maintain the confidentiality and integrity of your data while keeping your SAS system up and running smoothly.
Ensure you have your new certificates
To ensure maximum security for your website or application, it is essential to generate SSL certificates, including a public key, private key, and certification authority (CA) chains. The public key is used to encrypt data sent from clients to your server, while the private key is employed to decode this data on the server side. If the certificate is self-signed, it is advisable to use at least rsa:4096 and sha256 as the algorithms, ensuring a high level of security and protection against potential data breaches.Creating SSL certificates is a fundamental step in providing protection for your users and data. These certificates establish a cryptographic connection between the client’s browser and your server, ensuring data privacy and integrity over the internet. Do not underestimate the importance of correctly configuring and managing SSL certificates to guarantee the security and trustworthiness of your users.
You need public key as .cer, private as .key, and CA (root and intermediate) with .cer.
STOP all SAS 9.4 services
No matter if you are in SAS multiple server instances installation or single server installation, you should first stop all SAS services in the correct order, provided in your installation documents.
Change your SAS Webserver configuration files
In the server where your Web Server is installed, find the file sas-config-folder/config/Lev1/Web/WebServer/conf/extra/httpd-ssl.conf
Open the file and locate the following lines:
-SSLCertificateFile “ssl/myhost.crt”
-SSLCertificateKeyFile “ssl/myhost.key”
-SSLCertificateChainFile “ssl/myhost.crt”
Here you can change the path to your new SSL files. Please, keep in mind, that the new files should be with read permissions to the SAS Installation user. This normally is sasinst. Read your installation docs for more information.
Change the paths to the new SSL files, and save the configuration file.
Manage the certificates to the SAS Deployment manager
Once, you finished with adding the certificates to the Web Server’s configuration file, you should add them also to every machine in your setup. The order is not crutial, so open the SAS Deployment Manager and:
– If you was previously installed the SSL certificates, first go trought the servers an remove the CA. One by one:
– If you removed the previus certificates, or you did not add them before at all, then add the new CA:
Keep in mind, that you need the 3 certificates – CA root, CA intermediate, Public.
Start the SAS services again
Follow your installation documentation on how to start SAS services.
Enjoy your new SAS SSL certificates. And if you need more help, type in the comments. 🙂