Guide SAS VIYA

Connecting SAS 9.4 to SAS Viya: Resolving SSL Certificate Import Errors

Simon 30/01/2024 9 views

Integrating an existing SAS© 9.4 environment (e.g., 9.4M5) with a SAS© Viya platform (like version 3.3) is a crucial step to enable users to submit code to the CAS (Cloud Analytic Services) server from classic interfaces like SAS© Enterprise Guide.

However, configuring the SAS© 9.4 Compute Server for secure communication with CAS can be tricky, especially during the security certificate import step. It is common to encounter path or format validation errors when using the SAS© Deployment Manager.

This article details the procedure to bypass common errors such as "Failed to validate the certificate path" or "Certificate file is not Base-64 encoded".

Illustration

The Problem

Standard documentation often suggests simply copying the certificate file (like vault-sas©-service-ca.crt or trustedcerts.pem) from the Viya server to the SAS© 9.4 server and importing it.

However, this direct method often fails with the SAS© Deployment Manager for two reasons:

  1. The file format: The raw file may contain comments or metadata that the import tool cannot parse.

  2. The trust chain: The order of the certificates (Root and Intermediate) is strict and must be respected for the validation to succeed.

The Solution: Create a Clean Certificate File

To successfully import the certificate, you must not use the raw file as is. It is necessary to manually create a new .pem file containing only the required blocks, in the correct order.

Here is the step-by-step procedure:

1. Retrieve the source file

On your SAS© Viya server, locate the trusted certificates file. It is usually found here: /opt/sas©/viya/config/etc/SASSecurityCertificateFramework/cacerts/trustedcerts.pem

2. Prepare the new import file

Open this file and create a new, blank text file (which you could name, for example, viya_import.pem).

You must copy only the two base-64 encoded text blocks corresponding to the following certificates:

Pay attention to the order! The SAS© Deployment Manager requires the intermediate certificate to be placed before the root certificate. The file must not contain any comments, only the tags and the code.

The structure of your new file should look exactly like this:

New Buffer RO
-----BEGIN CERTIFICATE-----
<Bloc de texte du certificat SAS VIYA Intermediate CA>
-----END CERTIFICATE-----
-----BEGIN CERTIFICATE-----
<Bloc de texte du certificat SAS VIYA Root CA>
-----END CERTIFICATE-----
~
~

3. Import via the Deployment Manager

  1. Transfer this new, clean file (viya_import.pem) to the SAS© 9.4 server.

  2. Launch the SAS© Deployment Manager on the 9.4 server.

  3. Select the option to add certificates to the Trusted CA Bundle.

  4. Point to your viya_import.pem file.

The import should now complete without any validation errors. Once this security step is passed, you can proceed to configure authentication (using an .authinfo or .netrc file) to finalize the connection between your environments.

Back to article list
Dans : Guide SAS VIYA
Mastering Resource Allocation in SAS Viya: An Expert's Guide to Launcher Contexts
21/12/2025 • 46
Optimizing the Data Step in SAS Viya: The Expert Guide
10/12/2025 • 42
SAS Viya Tutorial: Import a Headerless Text File and Rename Columns Dynamically
23/05/2022 • 9
View full category
References & Docs
Cloud Analytic Services Compute Server SAS Viya SAS 9
Copyright © WeAreCAS 2014-2026
SAS and all other SAS Institute Inc. product or service names are registered trademarks or trademarks of SAS Institute Inc. in the USA and other countries. ® indicates USA registration. WeAreCAS is an independent community site and is not affiliated with SAS Institute Inc.