SAS® environment-definition errors can occur within SAS® Enterprise Miner(tm) due to an SSLHandShakeException error


When you launch or attempt to log on to SAS Enterprise Miner in an SSL enabled environment, you might encounter one of the following SAS® environment definition errors:

The application was unable to load the SAS environment definitions. The file location or file contents might be invalid.
The application could not find a valid SAS environment to use.
The application has encountered an unexpected problem with the selected SAS environment.

One common cause is an SSLHandShakeException error that occurs when the SAS Enterprise Miner client fails to make successful HTTPS connections to the SAS® middle tier:

ERROR com.sas.swing.login.visual.SwingEnvironmentLogonManager  - Unexpected exception when processing environment default
org.springframework.remoting.RemoteAccessException: Could not access HTTP invoker remote service at [https://mid-tierhostname.sas.com/SASWIPClientAccess/remote/svcs.UrlGeneratorService]; nested exception is javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target

   at org.springframework.remoting.httpinvoker.HttpInvokerClientInterceptor.
convertHttpInvokerAccessException(HttpInvokerClientInterceptor.java:213)
   at org.springframework.remoting.httpinvoker.HttpInvokerClientInterceptor.
invoke(HttpInvokerClientInterceptor.java:145)
...

Check whether you are encountering the SSLHandShakeException by following the SAS note that corresponds to your variety of SAS Enterprise Miner:

If you are using an installed SAS Enterprise Miner Client application, then follow the Launching em_console and collecting diagnostic output section of SAS Note 56002:"Collecting diagnostic output from SAS® Enterprise Miner(tm) Client or SAS Enterprise Miner Workstation with em_console". Examine the em_console output that is generated by the SAS environment definition error.

If you are using SAS Enterprise Miner via Java Web Start, then follow SAS KB0036243, "How to enable logging when SAS® Enterprise Miner™ is launched from Java Web Start (JWS)." Examine the Java console output that is generated by the SAS environment definition error.

 

The SSLHandShakeException occurs when the client-side Java Runtime Environment (JRE) truststore is missing the SSL certificate(s) that is required to make successful HTTPS connections to the SAS middle tier. Work with your SAS administrator and follow one of the steps below to import the certificate(s) into the appropriate JRE truststore:

If you are running an installed SAS Enterprise Miner Client 14.1 or newer application, then use SAS® Deployment Manager on the client machine to add your SSL certificate(s) to the trusted CA bundle. Follow the Add Your Certificates to the Trusted CA Bundle section of Encryption in SAS® 9.4, Sixth Edition. Following that section imports the certificate(s) to the client machine's SAS Private JRE "jssecacerts" truststore for you.

If you are running an installed SAS Enterprise Miner Client application prior to 14.1, then follow only Step 6 of SAS® 9.4 Intelligence Platform: Middle-Tier Administration Guide, Fourth Edition. Use the keytool command on the client machine to import your SSL certificate(s) to its SAS Private JRE "cacerts" truststore. 

If you are running SAS Enterprise Miner via Java Web Start (any release), then use the keytool command on the client machine. Import your SSL certificate(s) to the public third-party Oracle JRE that is used on the client machine. See Oracle documentation about the keytool command for more information: keytool - Key and Certificate Management Tool.

 

If you need further assistance with adding/importing the certificates via SAS Deployment Manager or keytool command, then contact SAS Technical Support with the following information: