Import the existing certificate authority (CA) certificates

You must import the existing certificates from the external certificate authority (CA) into your IBM® Cognos® Analytics with Watson keystore.

The import must be done on each computer where the following Cognos Analytics components are installed: Content Manager, the Application Tier Components, the gateway, and the client components such as Framework Manager, and other components if you use them.

Before you begin

Ensure that:

  • The existing keystore is deleted.
  • Your administrator provided you with the certificate and private key in a single pkcs12/pfx file.

About this task

If you changed the Key store password in IBM Cognos Configuration, under Cryptography > cryptographic_provider_name, use the new password as the keystore_password when running the ThirdPartyCertificateTool commands below. The default password is NoPassWordSet.

Procedure

  1. Go to the location where you saved the pkcs12/pfx file, and do the following:
    1. Create a copy of the pkcs12/pfx file, and name it encryptCertificate.pfx.
    2. Create a copy of the root CA certificate, and name it ca.cer.
    3. Copy encryptCertificate.pfx and ca.cer to the install_location/bin directory.
  2. Start a command prompt and go to the Cognos Analytics install_location/bin directory.
  3. Type the following command to import the CA root certificate into the Cognos Analytics truststore:
    • On UNIX or Linux® operating systems, type
      ThirdPartyCertificateTool.sh -i -T -r ca.cer -p keystore_password
    • On Windows operating systems, type
      ThirdPartyCertificateTool.bat -i -T -r ca.cer -p keystore_password
    The command reads the ca.cer file and imports the contents into the CAMKeystore file in the certs directory using the specified password.
  4. Optional: If you have intermediate CA certificates, import all the intermediate certificates (ICA) into the Cognos Analytics trust store by using the same commands as in step 3.
  5. Type the following command to import the preexisting certificate and private key into the Cognos Analytics keystore:
    • On UNIX or Linux operating systems, type
      ThirdPartyCertificateTool.sh -i -e -a RSA -p keystore_password -K encryptCertificate.pfx -w pfx file password
    • On Windows operating systems, type
      ThirdPartyCertificateTool.bat -i -e -a RSA -p keystore_password -K encryptCertificate.pfx -w pfx file password

Results

The command reads the encryptCertificate.pfx and ca.cer files in the install_location\bin directory and imports the certificates from both files into the CAMKeystore file in the install_location\configuration\certs directory using the specified password.

What to do next

You can now configure the Cognos Analytics components to use the certificates. For more information, see Enable the external certificate authority (CA) certificate.