Analytiks Logo
Back to Tech Corner
SAS Admin

(Apr 2023) SAS Admin – How to Configure SSL/TLS for SAS Studio Basic

SAS Studio comes in three versions. Based on your SAS Software order, usually with a solution SAS Studio Midtier comes bundled. The other two versions are SAS Studio Personal and SAS Studio Basic. If you wish to know what SAS Studio version you have, simply logon and navigate to Help > About and the version shows.

By default SAS Studio is not set up with TLS/SSL or encryption between the web application server and the SAS Workspace Server. For the SAS Studio Midtier, the SSL implementation would be the standard process as documented by SAS for its solutions. This article focuses on SSL implementation for SAS Studio Basic.

The commands below use a self-signed SSL certificate, you may replace or use a site signed or an official certificate authority (CA). Using self-signed SSL certificate, may generate a warning which you could address by configuring your browser to trust the self-signed certificate for SAS Studio web application.

Steps to Implement SSL for SAS Studio (WIN Platform)

Step One: Generate Certificate

  1. Open DOS cmd shell as administrator
  2. Navigate to SASHome\SASPrivateJavaRunTimeEnvironment\9.4\jre\bin
  3. At CMD prompt run the following (specify values for KEYSTORE, STOREPASS, and KEYPASS)
keytool -genkey -alias studio -keyalg RSA
-keystore C:\sas\studioconfig\appserver\studio\conf\studio.keystore
-storepass password-for-keystore -keypass password-for-private-key
-validity 360 -keysize 2048

Where:

  • Keystore: Full path to studio.keystore default location is in studioconfig directory, standard path is c:\sas\studioconfig (replace with your site specific install location).
  • Storepass & Keypass: Must be identical. Storepass is the password for the keystore and keypass is password for your private key.
  • Note: Your organization details may be required during self-signed SSL certification generation.

Step Two

Change permission on the keystore file (studio.keystore) to be readable by appropriate group or users. READ/WRITE is the appropriate permission.

Step Three

In STUDIO_CONFIG_Directory/appserver/studio/conf/server.xml make the following changes (highlighted code for the Connector element):

<Connector acceptCount="100"
  connectionTimeout="20000"
  executor="tomcatThreadPool"
  keystoreFile="${catalina.base}/conf/studio.keystore"
  keystorePass="password"
  keyAlias="studio"
  maxKeepAliveRequests="15"
  port="38443"
  protocol="org.apache.coyote.http11.Http11Protocol"
  redirectPort="38443"
  SSLEnabled="true"
  scheme="https"
  secure="true" />

Note: Keystore Password was generated in step one.

Step Four

Restart Web Application Server: In WIN environment → Local services → re-start SASStudioWebAppServer

Step Five

Navigate to SAS Studio URL and update the port to 38443 and proceed with logging in.

View All Articles