Reference Citations - HerongYang.com - v2.91, by Dr. Herong Yang
Hardening a SAS Installation on a multi tier installation on Linux
'OpenSSL Signing CSR Generated by keytool' tutorial was cited in a SAS Global Forum 2013 paper in 2013.
The "OpenSSL" Signing CSR Generated by "keytool" tutorial was cited in a SAS Global Forum 2013 paper in 2013.
Subject: Hardening a SAS Installation on a multi tier installation on Linux Date: Apr 10, 2013 Author: Jan Bigalke Source: http://support.sas.com/resources/papers/proceedings13 /481-2013.pdf ABSTRACT The security requirements of today require in some use cases the hardening of a SAS® Installation. This paper describes the practical steps of securing the SAS web applications and the impact to the Base SAS® Services on the SAS compute tiers. The SAS Enterprise BI Server will be the object of this explanation. The principals of a secure architecture will be described and the options to secure the individual components presented. ... TLS CONFIGURATION Transport Layer Security (TLS) is a cryptographic protocol that secures the communication on the application layer. In the proposed architecture approach TLS/SSL is used to secure the communication with the reverse proxy. To provide a convenient approach for the users of the SAS Installation we will use signed certificates. The use of self signed certificates has the disadvantage of end users having to accept an exception to use the SAS Services. For a signed certificate a CA (Certificate Authority) is necessary. The browser needs only the certificates from the CA and not the explicit ones of the reverse proxy. For TLS/SSL a certificate signing request (CSR) is a method to get a signed certificate. This request can be generated with openssl6. In addition, the signing of the CSR can be done with openssl. In this case the openssl x509 –req command is used. In this case the access to CA Key is necessary. Commands to create a CSR: Request and sign this CSR request ... 6 http://linux.about.com/od/ubusrv_doc/a/ubusg25t12.htm 7 http://www.herongyang.com/crypto/OpenSSL_Signing_keytool_CSR_4.html 8 http://support.sas.com/resources/thirdpartysupport/v92m3/appservers /ApacheProxyJBoss.pdf
Table of Contents