SAS® jobs might encounter the error "ERROR: SSL Error: Cannot use private key file..." after you configure SAS® Workload Orchestrator for SSL


After you configure SAS Workload Orchestrator for SSL, SAS jobs might encounter this error:

ERROR: SSL Error: Cannot use private key file; please check your password.
ERROR: Unable to establish an SSL connection.


This issue can occur if the SAS/SECURE SSL environment variables are set in SAS-configuration-directory/Levn/Grid/sgmg_usermods.sh because these variables are inherited by the grid jobs that are being launched.

To circumvent the issue, use the USERMODS_OPTIONS environment variable to set these values instead of the individual environment variables. Here is an example:

UNIX:

USERMODS_OPTIONS='-SSLCALISTLOC "<path-to-SASHome>/SASSecurityCertificateFramework/1.1/cacerts/trustedcerts.pem" \
                  -SSLCERTLOC "<path-to-PEM-file-containing-server-certificate>" \
                  -SSLPVTKEYLOC "<path-to-PEM-file-containing-server-private-key>" \
                  -SSLPVTKEYPASS "<server-private-key-password-if-used>" 

Windows:

set USERMODS_OPTIONS=-SSLCERTISS <issuer-name> -SSLCERTSERIAL <certificate-serial>

After making the changes, restart the SAS Workload Orchestrator process on each grid node using SAS-configuration-directory/Lev/Grid/gridStop.py and gridStart.py. Or you can run sgmg.sh stop on each grid host and then sgmg.sh start on each grid host.